Hi,
I have a question regarding structural authorizations in HCM and context solution. See problem below.
Role Manager in MSS will have access to PA data for org.unit A - iView will be Manager.
Role Manager Substitue in MSS will have access to less PA data than role Manager for org.unit A but this user will also have role Manager in MSS with access to more PA data for org.unit B - iView will be Manager and another tab for Manager Substitute.
You could use authorization object P_ORGINCON and add the authorization profile for org.unit A for Manager in one role (PFCG) and authorization profile for org.unit B for Managers Substitute in other role (PFCG). But this is not a solution when Managers will be set up in about 1000 different organizational units! Then you would need to create one role per org.unit for Managers e.g 1000 roles for each authorization profile och one role per org.unit for Managers Substitute e.g 1000 roles and manually add these to users to avoid overriding authorizations.
You could use function module RH_GET_MANAGER in PD profile and assign PD profile to position Manager to avoid creating 1000 roles (PFCG). Problem will be when creating PD profile for Managers Substitute and using function module RH_GET_MANAGER cause the roles (PFCG) will then override in authorizations for the user having both role Manager and Managers Substitute.
How do I get authorization profile for Managers in org.unit A to role Manager and authorization profile for Managers Substitute to role Managers Substitute? How can I minimize the number of roles and administration effort?
BR
Jaana Chivers