06-17-2010 10:18 PM
I have a requirement to set up security for qualifications such that all qualifications (Q) within a particular qualification group (QK) be visible to the employee who holds the qualification so that they can add, modify and delete qualifications in this group through ESS. That part is standard. The tricky part is that managers should NOT be able to see that their employees hold qualificaitons from this qualification group. Managers must be able to see all other qualificaitons the employee holds, just not any from that qualification group. All other qualification groups must function as normal where a manager may view, update, modify and delete their employees qualifications through MSS.
More information that may or may not be useful. We are deploying the standard delivered qualification managed tools through ESS and MSS that allow an employee to add, modify and delete their own qualifications and also allows managers to do the same. Qualification groupings (QK) are objects stored in HRP1000 and they are related to employees through HRP1001. Also, I am almost completely unfamiliar with how security is done in SAP. Thank you I appreciate any help that can be provided.
Whitney
06-21-2010 11:01 PM
Hi Whitney,
Make sure to create qualification tasks in such a way that it does not get included in the Qualification catalog before creating the profile which will be assigned to the Employees Manager.
06-22-2010 12:01 AM
Whitney,
Let say you have User1 to User3.
Qualigication: Q1 to Q20
Qualification group: group1 to group5
Group1 : Q1 to Q5
Group2 : Q6 to Q7
group3: Q8 to Q14
Let stay
User 1 will be able to see group1
User 2 will be able to see group2
user 3 will be able to see group3
Now manger will be able to see
Manager will be able to see : Q15 to Q20
So you can restrict on P_ORGIN
User 1 will get group1 access:
Infotype : Enter your infotype
Subtype: Subtype
Authorization Level : W
Personnel Area
Employee Group: group1
Employee Subgroup
Organizational Key
Manager will get:
Manager will get access to Q15 to Q20:
Infotype : Enter your infotype
Subtype: Subtype
Authorization Level : W
Personnel Area
Employee Group: Q15 to Q20
Employee Subgroup
Organizational Key
Thanks,
Sri
09-16-2010 5:44 AM
Hi,
Use context sensitive authorisations P_ORGINCON (switch on in tcode OOAC).
AUTSW INCON 1
Create structural profile (OOSP) which returns employees of manager and all Q objects what manager should see from his/her subordinates. nnnnnnnn refers to the Qualification Group (QK) which has the qualifications manager should be able to see. Make also sure that all employees and managers have their infotype 0105 subtype 0001 mapped to their user id.
<your manager profile>|10|01|O | |X|O-O-S-P |12| | |D|RH_GET_MANAGER_ASSIGNMENT
<your manager profile>|20|01|QK|nnnnnnnn| |QUALCATA|12| | | |
Then assign that to manager user-id (OOSB) and add this object P_ORGINCON to manager role (PFCG):
AUTHC: R
INFTY: 0024
PERSA: *
PERSG: *
PERSK: *
SUBTY: *
VDSK1: *
PROFL: <your manager profile>
99% of the companies use the "new" assignement of qualifications to employee using relationships (infotype 1001 between objects Q and P). But still authorisation to see which qualifications can be seen is depending on infotype 0024 authorisations. In the future also PLOG_CON object can be used to achieve this but it is not currently supported...
Regards,
Saku