Structural Authorizations

Former Member
0 Kudos

Dear all,

I am trying to use structural authorization to make sure that a person, while making his substitute in the Business Workplace, is allowed to see only his organizational unit and should not be able to view a person from any other department.

And if he is moved to some other department he should be able to see people only from that Org Unit and not from his previous Org unit.

I have followed each and every step of the document provided at

"http://sapbasis.msspro.com/securitydocs/structural_authorizations_step_by_step.doc"

But for some employees it works fine but for the employees in the same Org unit it does not show anything at all.

If anyone can suggest anything that I may be missing, please do help me.

I am working on SAP 4.6C.

Best Regards

Madiha

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Hi..

The structural authorization can be maintained for the employee based on position. Make sure the position has the right PD profile assigned (IT 1017).

Based on the PD profile assigned, the employee will have authorization to view the data. If a PD profile is not assigned, assign it. If it's not available, then we can create a PD profile using the OOSP T-code and then assign it.

Hope this helps! If so, reward.

Thanks

Shyam

Former Member
0 Kudos

Thank you for the help. Now I have done that, and the profile that I assigned to the user has an evaluation path O-S-P, but what it does is that it also brings those records who have been moved to another department, due to the relationships created earlier. What can be done to view only the currently valid records for only that department?

Any help will really be appreciated.

Regards

Madiha

former_member66268
Active Participant
0 Kudos

Structural authorization is to be used in conjunction with the regular classical authorization. Restrict the population which should not be available to the profile via the classical authorization profile. Also check to see if the structural auth is in any way overlapping the classical authorization. If so, use context-sensitive authorization objects in the classical authorization profile...

Regards

Chandra

Former Member
0 Kudos

Hi,

This belongs to Structural Authorization. As per the standard, you can set the authorization for the position in that org unit. Kindly ensure you have created authorization for the correct positions. If you want to know more, kindly revert back. For example, if you assigned the authorization for the Production Head position in the production dept, then the person who accommodates that position is able to view that entire dept. Kindly revert back if you have any queries.

Former Member
0 Kudos

Hi Madiha,

Use Object ID to restrict the authorization for the corresponding Organization.

Good Luck

Om

Former Member
0 Kudos

Hi..

What I believe is that when the employee moves to a new Org unit, the PD profile still points to the OLD org unit only.

Maybe try assigning to a different PD profile. Also check in the T77UA table if the user is assigned the right profile.

Hope this helps! If so, reward.

Thanks

Shyam

Former Member
0 Kudos

Thanks... I have checked the profile. The user is assigned to the profile which was developed considering the right path and using a function module RH_GET_ORG_ASSIGNMENT, and he is only assigned to this profile. But the Org units he had a relationship with earlier were delimited too, as soon as the relation finished and he was moved to the new org unit, but when the structural authorizations are run, the positions and persons from the old Org unit come up with the new ones. Any other suggestion, or anything I may be missing on my part? I shall really be grateful.

Former Member
0 Kudos

In specifying the profile for structural authorization (using T-code OOSP) I have used 'D' in the period column, which will ensure that only the valid records as per today's date are retrieved.

This was further checked when the user's authorizations for Position ('S'), Person ('P') and Organizational Unit ('O') were explored in T-code OOSB using the info column against that user. All the O, P, S were listed whom that user should have access to, i.e. valid records as per today were listed.

But when that particular user is logged in and he tries to maintain the substitute, he can still view invalid records as per today (invalid records are those that were deleted once the user was moved to a different location, or the relationship between user and O, S was changed before the current date), and in our business scenario such records should not be visible to the user.

I am using SAP 4.6C.
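The difference between a key-date evaluation and an all-periods evaluation of the O-S-P path discussed in this thread, as an added Python model that is not part of the original posts and is not SAP code. The record layout, object IDs and dates are constructed for illustration.

```python
from datetime import date

HIGH_DATE = date(9999, 12, 31)  # open-ended validity

# Constructed relationship records (simplified model of relationship data):
# (source type, source id, target type, target id, valid from, valid to)
RELATIONS = [
    ("O", "50000001", "S", "60000001", date(2005, 1, 1), HIGH_DATE),
    ("O", "50000001", "S", "60000002", date(2005, 1, 1), HIGH_DATE),
    ("S", "60000001", "P", "00001001", date(2005, 1, 1), HIGH_DATE),
    # Person 00001002 held this position until moved; the record was delimited.
    ("S", "60000002", "P", "00001002", date(2005, 1, 1), date(2007, 3, 31)),
    ("S", "60000002", "P", "00001003", date(2007, 4, 1), HIGH_DATE),
    # The same person now holds a position in a different org unit.
    ("O", "50000002", "S", "60000003", date(2005, 1, 1), HIGH_DATE),
    ("S", "60000003", "P", "00001002", date(2007, 4, 1), HIGH_DATE),
]

EVAL_PATH = [("O", "S"), ("S", "P")]  # the O-S-P path from the thread


def evaluate(root_id, key_date=None, relations=RELATIONS):
    """Objects reachable from org unit root_id along O-S-P.

    key_date=None models an evaluation over all periods; a date models
    the key-date behaviour ('D') described in the post above.
    """
    found = {("O", root_id)}
    frontier = {("O", root_id)}
    for src_type, tgt_type in EVAL_PATH:
        nxt = set()
        for st, sid, tt, tid, begda, endda in relations:
            if st != src_type or tt != tgt_type or (st, sid) not in frontier:
                continue
            if key_date is not None and not (begda <= key_date <= endda):
                continue  # delimited or not yet valid on the key date
            nxt.add((tt, tid))
        found |= nxt
        frontier = nxt
    return found


def stale_objects(root_id, key_date):
    """Objects visible only because delimited relationships were followed."""
    return evaluate(root_id) - evaluate(root_id, key_date)
```

A non-empty `stale_objects` result for an org unit corresponds to the symptom in the thread: some code path is reading relationships without applying the key date.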

former_member66888
Participant
0 Kudos

Hi,

There are two methods to update the authorization profiles of user ids based on their organizational assignment:

1. Infotype 1016 of position is created with the authorization roles and then transaction PFUD is run/scheduled to run daily.

2. Relationship infotype 1001 is created of the position with authorization role and then the program RHPROFLO is run and preferably scheduled for daily run.

Depending on which method you are using, run the update program.