Skip to Content
avatar image
Former Member

Structure Authorization Issue

Hi guys,

I don't have structure authorization implemented or HR system implemented. I was playing with my sandbox system to learn structure authorization by using step by step tutorial. After I created a structure authorization for two users I deleted everything related to structure authorization but unfortunately, some t-codes related to org chart for example PPOME, PPOMW are not working properly, its not allowing to create new org char.

We have another team needs to create some org chart for prototyping but they can't create org chart its giving no authorization error when I ran SU53 it's not giving regular auth error its also give failed HR structure authorization error, this is the error in su53 coming (Date 10/01/2010 and time Plan version 01 Object ID 5000075 Action LISD) there are so many different object ID on the list.

They all already have SAP_ALL in the system. Can anybody give some kind of report so I remove structure authorization completely from the system.

Please help

Thanks

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 06, 2010 at 11:01 PM

    Hi Faisal,

    You may have deleted bit too much:

    In OOSP (T77PR) check that you have profile ALL:

    ALL | 0 | ** | * | | X | | | | | |

    In OOSB (T77UA) check that you have assignment:

    SAP* | ALL

    You can also switch structural authorisation check off in OOAC (T77S0):

    AUTSW | ORGPD | 0

    That should help and restore access to the other team.

    Regards,

    Saku

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Thank you so much guys.

      I resolved the issue without deleting the org unit. There was lot of org units have been created and ass org units were disappeared thatu2019s why I canu2019t even see it, but once this thing resolved all the org units came backu2026Wow

      I created SAP* with all profile and it has resolved the issue.

      Thanks guys

      Faisal

  • avatar image
    Former Member
    Oct 06, 2010 at 09:26 PM

    Now lets start with some overview of Structural Authorization.

    Before we move into some depth of this, you need to have a basic concept which may be misleading from the presence of word Authorization in this phrase "Structural Authorization". The word Authorization in SAP comes with an primitive idea that reveals the phenomena as "The Permission or privileged to perform some Transactional (or may be reporting) action". But for Structural Auth. this is different as there is not concept of granting access to any action in a HR specific Transactional activity.

    After you get the idea of OM in SAP HR you can understand the reason why I have said in such a way. It's like you are in a Spider Net. Where each crossing or section represents one object (like person, position or org. unit etc.) and Structural Authorization determines how much you can move surround to your node. So the actions still need to be determined by the concept of Authorization Objects (HR related Authorization Objects starts with P. Do a search in SU21 and/or go through the [HR Auth Object documentations|http://help.sap.com/saphelp_erp60_sp/helpdata/en/5c/73ba3bd14a6a6ae10000000a114084/content.htm]).

    Now what we understood from the above discussion is that the Structural Authorization is not an Independently existing creature but it supplements the [General Authorization Check in HR|http://help.sap.com/saphelp_erp60_sp/helpdata/en/83/72ba3bd14a6a6ae10000000a114084/content.htm].

    In the next section lets discuss about the procedure to set up Structural Authorization for HR Security.

    regards,

    Dipanjan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 06, 2010 at 11:13 PM

    Structural Authorization Check

    Structural authorizations are used to grant access to view information for personnel where HR OM has been implemented as we stated. The Access is granted to a user implicitly by the useru2019s position on the organizational plan.

    On top of the general authorization check, which is based on authorization objects, you can define additional authorizations by hierarchical structures.

    In each area, the combination of start object and [Evaluation Path|http://help.sap.com/saphelp_erp60_sp/helpdata/en/35/26c256afab52b9e10000009b38f974/content.htm] from an existing structure returns a specific number of objects. This exact combination, in other words the number of objects returned by this combination, represents a useru2019s [Structural profile|http://help.sap.com/saphelp_erp60_sp/helpdata/en/0c/49ba3b3bf00152e10000000a114084/content.htm]. So structural authorization check is therefore based on a Dynamic concept: The concrete objects that are returned by a structural profile change as the structure (under the start object) changes.

    Steps to Perform to Set Up Structural Authorization Check in brief:

    (Before start moving for str. auth profile it is assumed that the Switch AUTSW for HR General Authorization check is also activated in table T77S0. Structural Authorization won't give the access for accessing HR data as described in the last posts and works together with General Authorization - to remind you)

    1. Integration: Control parameters for the integration of Personnel Planning and Development (PD) with other applications (such as Personnel Administration (PA) and Cost Accounting (CO), etc.) are specified in the "PLOGI" group.

    2. Turn on PD PA switch: TCode used is OOPS. Ensure value registered for PLOGI u2013 ORGA is X. No other values need to be checked or changed.

    (Note: PD and PA sub modules of HR are not configured to share data by default in the SAP delivered system. This switch must be on for data to flow between both modules.)

    3. Turn on Structural Authorizations Main Switches : TCode is OOAC. Value for ORGPD is set to 1.

    4. Create Org. Plan (check the first post).

    (Note: Do not create your Organizational Plan without this switch on. If you do, structural authorizations will not work and some org and infotype setup will not work. You cannot turn the switch on and get structural authorizations on an organizational plan, that was created while it was off, to work..)

    5. Create Personnel Master Record: Tcode is PA40. This is time consuming staff. 😔

    6. Create record for Infotype 0105 - TCode is PA30.

    7. Create Structural Authorization Profiles u2013 TCode = OOSP

    8. Create entry for IT 1017 - TCode is PO10 (Organizational Unit) or PO13 (Position).

    9. Assignment of Structural Authorizations: The assignment of the Structural Authorization can be found with good details here in [SAP Help|http://help.sap.com/saphelp_erp60_sp/helpdata/en/97/27973b3ea3eb0fe10000000a114084/frameset.htm].

    Please check and let us know for any query.

    Regards,

    Dipanjan

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Dipanjan

      I also like to thank you for your effort to write lot of Structure authorizations details. I want to let you know the steps that you mentioned I followed when I created the structure authorizations. Iu2019m not that naive in HR because I have learned and implemented whole TVM security implementation and use all part of HR authorization except structure authorizations.

      Thanks again

      Fasial.

  • avatar image
    Former Member
    Oct 07, 2010 at 08:04 AM

    Hello Faisal,

    The Practical solution of this issue is to check if structural authorization switch is off in OOAC (T77S0)

    Then check for the User for which you are getting SU53 is assigned to any structural or not check entry in T77UA table ,if you get the user id in that table please remove user from any position (If assigned ) and run RHPROFL0 .

    For Position Assignment you can use Tcode PO13 .

    Thanks

    Dheeraj

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 06, 2010 at 07:53 PM

    Hi,

    It seems you are working on HR Security for first time. So, before you start Structural Authorization let me put a pre-requisites for the same:

    To understand the Structural Authorization concept and the reason behind for developing such security model you need to have a basci overview of [HR Organizational Management|http://help.sap.com/saphelp_rc10/helpdata/en/bb/bdaff3575911d189240000e8323d3a/frameset.htm] in SAP. Please note that the main concept of HR has not been changed too much from SAP 4.7 EE version. So you need not to look for latest ehp4 version.

    I am not discussing about the details of OM.... before you start Structural Authorization you should have a clear understanding of the objects like O, S, P etc.... their inter-relation and dependencies.

    After you are through with basics of OM you can easily understand the model of an Organization by using Org. Management which is called Organizational Plan. This is the graphical view of your Organization from the Top most position (CEO or MD etc.) to the most native or granular lowest level of employees existing in your organization with the relationship in-between the connecting layers. For details on OM and setting up Org. Plan you can have a look into [Organizational Management Integration|https://websmp201.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700007865042002E].

    Note: If you are following the new generation SAP business by design which has came from SAP as an On Demand Solution in the On Demand market place then you can check the [New generation OM set up|https://websmp201.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700000813262010E].

    We will have the discussion on HR structural Auth in the next post (better to keep in separate from this introductory part and good for character limitations).

    Regards,

    Dipanjan

    Add comment
    10|10000 characters needed characters exceeded