Skip to Content
0
Former Member
Jan 25, 2011 at 01:45 PM

LSO - Structural authorizations based on catalogue structure

182 Views

Hi,

We are currently implementing SAP Learning Solution 6.0 and are using structural authorizations to limit the objects an administrator can maintain (they can see all). From a functional perspective, the structural authorizations are defined like this:

The course catalogue (composed of "course groups" (object L)) is structured in various levels. People (admins) can standard see all these objects (including the object in this structure, such as EK, DC, D, EC, E). However, they can only change the objects if there is a custom (Z) relationship between their position (S) and a specific course group (L). They can also see all objects "below" this assigned course group. E.g a super-admins position is assigned to the top level course group, and therefore requires access to this course group, all courses below this course group, and all LSO objects in this course group structure (EK, DC, D, EC, E). All other objects are "view only".

We are using structural authorizations to make this happen. We have created a custom function module to retrieve the proper objects to be maintained and customized the necesarry things in OOSP/OOSB.

The following things work fine:

  • The admin can see all LSO objects (= the entire course catalogue);

  • The admin can change only LSO objects that are part of the structure where there is an assignment between his position and course group;

So far, so good.

However, when this admin would like to create an object (using LSO_PVCT) in the structure he has access to, we receive a "no authorization" error. At first we've found it very strange, since we could make changes in this structure. But now we think the problem lies in the fact that -at moment of creation- no relationship exist already between the to-be-created-object and the can-be-changed-structure.

Any idea how to proceed? I know the issue here is related to LSO-objects, but I can imagine other people had the same problem in the past with other objects (people who have access to only a part of the org structure and need to create org units within that structure)?