Skip to Content
avatar image
Former Member

HR Structural Authorizations

Hi All,

My company is ugrading to ECC 6.0 now they are planning to implement structural authorizations. They are currently using ESS and MSS, they are in dilemma whether to implement structural authorizations because of its complexity to maintain.

Iam wondering whether any of you have any experience with structural authorizatons, If so please do share your experience.

Thanks,

Kavitha

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Nov 09, 2006 at 08:35 AM

    Hi

    I have been using structural authorization a lot, I, depending on your requirement, I would always recommend using them.

    Of course it will expand the complexity of your system, but you'll also gain a lot. e.g. giving managers access to own organizational unit etc.

    If you are going for structural authorization i will suggest that you:

    1. Creates a profile, "Own_Unit", with use of the function module feature using the function module RH_GET_ORG_ASSIGNMENT. The requirement here is that infotype 0105 0001 is maintained. By doing this you do not have to create a profile for all of your department. (If you have other requirement, you can even create your own functionmodules)

    2. Have a look at the SAP* user in OOSB. If no entry for a user is found in OOSB, the user will get the access of SAP, normally that will be full access. A good idea, from a security point of view is therefor - delete the SAP entry, or create a new profile for this user, only containing the none critical issues.

    3. At last have a look at the context solution, that is use P_ORGINCON instead of P_ORIGIN etc.

    And then of-course please notice that structural authorization are only use on HR object, you can not use them e.g. to control access to cost center report. And on the other hand, when implemented it will impact your entire system, e.g. it will also control which persons you can assign to a maintenance order in PM etc.

    Regards

    Morten Nielsen

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      You can try using org keys with combinations of pers.area + cost centers. This will give you ability to control via P_ORGIN or P_ORGINCON if you are using structural authorizations.

      Alternatively, you can model your org structure based on your cost center hierarchy, and implement structural auth.