Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Structural authorisation in HR-PD

Go to solution
Former Member

‎03-27-2007 5:57 PM

0 Kudos

Hi there,

Can somebody kindly advise how I can set up the following authorisation in PD.

In the Qualification Catalog OOQA, we are giving a display authorisation to the PD administrators to see the entire structure in the qualification master data catalog. We created a profile for Q and QK, along with evaluation paths Q-Q and QK-QK defined for each of them, and this works fine.

Now the question is that, we would like to retrict the admin's access in PPPM so that,

1) when they assign qualification to Position profile, they can only pick up a certain qualification from the qualification structure. Those that are no supposed to be picked, should be hidden (or the "checkbox" should not be visible)

2) When they assign qualification to Person profile, they are allowed to pick-up nearly all the qualification available in the qualification catalog, except for one specific qualification group.

If I restricted objects Q and QK with some specific object IDs, then the view in OOQA will also be affected.

I currently have two authorisation profiles for Q&QK. One without the Object IDs so that the user gets full display access to the whole structure in OOQA; the other one with Object IDs defined. I also tried it with PLOG_CON and still couldn't get it to work.

Does anyone have any solution for this?

I've been fighting with this issue for weeks now, I will REALLY REALLY appreciate your advise.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎04-20-2007 12:53 AM

0 Kudos

Hello

You need to make sure that the context specific switcher (Tcode OOAC) are appropriately turned on. Once these switchers (ORGPD, INCON) are turned on, PLOG_CON will be checked. You would also like to change the status of this object in SU24 from not checked to Checked and maintained. Once this is done, try the same profiles. It should be fine.

Thanks

Snehal Pandya

6 REPLIES 6

Go to solution
former_member66268
Active Participant

‎04-18-2007 5:56 PM

0 Kudos

I dont have much idea about Qual Objects with respect to Structural Authorization. But there is an option to put-in a Function module with the structural profile. Why dont you explore that option if you dont get a straight forward solution? In that way you can determine how and which objects are selected and authorised to view. Write your own function module (on the likes of RH_GET_MANAGER_ASSIGNMENT) and assign it to the profile.

Regards

Chandra

Go to solution
manohar_kappala2
Contributor

‎04-18-2007 8:07 PM

0 Kudos

Hi BT,

what values did u use for the PLOG_CON object?

You might want to use more than one instance of PLOG_CON object

with difference in values

PLOG_CON1:

Object Type (S) Position

Authorization Profile field (restricted PD Profile)

PLOG_CON2:

with Object type P (person)

Authorization Profile (giving full access)

Both however need to have corresponding required Infotypes and subtype read/write access which should be same.

Hope this helps

Let me know if it works

Cheers

Manohar

Go to solution
Former Member
In response to manohar_kappala2

‎04-19-2007 6:50 AM

0 Kudos

Thanks Chandra and Manohar!

I coldn't get PLOG_CON to work. It seems like the system still looks for PLOG during the authorisation check. I tried to activate PLOGI-PDCON via table T77S0 (not sure if this is relevant), but the same error persists.

We are running on ECC 6.0, and the documentation in SAP for PLOG_CON says - "IMPORTANT: Do NOT use this authorization object. It does not work." Any advice, Manohar?

Chandra, could you also explain in detail where/how I can define the function module for my case?

Thanks and appreciate your time!

Go to solution
manohar_kappala2
Contributor
In response to manohar_kappala2

‎04-19-2007 2:46 PM

0 Kudos

Yeah thats true the object is not working properly.

Customization is the only other option i can see.

As the PLOG control the HR Objects but is not capable to distinguish between them.

For eg: you can control whether this role provides access to position type objects but it cannot be controlled which positions (in a given planversion) he can access.

Perhaps you can try to see if a function module exists or else custom create one.

So that you can add that while creating the PD profile.

Go to solution
Former Member

‎04-20-2007 12:53 AM

0 Kudos

Hello

You need to make sure that the context specific switcher (Tcode OOAC) are appropriately turned on. Once these switchers (ORGPD, INCON) are turned on, PLOG_CON will be checked. You would also like to change the status of this object in SU24 from not checked to Checked and maintained. Once this is done, try the same profiles. It should be fine.

Thanks

Snehal Pandya

Go to solution
manohar_kappala2
Contributor
In response to Former Member

‎04-20-2007 2:24 AM

0 Kudos

Hi

The switches through OOAC are infact entries in table T77S0.

Once they are activated the checks for these objects come into play but

in SU21, when you see the documentation for PLOG_CON there is an SAP message saying

NOTE: Do NOT use this authorization object. It does not work.

Sneha can you please let us know the release and the patches where you are able to use the PLOG_CON?

Thanks Regards,

Manohar