on 07-11-2011 9:26 AM
Hi
I have many company org chart on the the same org chart, how can I restrict user to view only their company org chart?
you can use structural authorizations
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
we can use Structural authorizations for more specific authorization checks (this is sepearate from security/basis auhthorizations)
we can configure in the table T77UA (User Authorizations = Assignment of Profile to User) to assign structural
profiles.
for more info refer the link
http://help.sap.com/erp2005_ehp_03/helpdata/en/34/49ba3b3bf00152e10000000a114084/content.htm
this below link helps you to configure
hope this helps you
Edited by: Piscian . on Jul 11, 2011 11:32 AM
Hi,
We can restrict user to access one particular Org Unit, by using Structural Authorizations Concept.
HR Consultant can do this with out a BASIS Consultant.
Configuration Steps
SPRO --> IMG --> PER MANAGEMENT --> ORG MANAGEMENT --> BASIC SETTINGS --> AUTHORIZATION MANAGEMENT --> STRUCTURAL PROFILES
Here we need to configure the Structural Profiles
There are two ways for assigning the profile.
1/ By assigning the Profile to the USERNAME (Table - T77UA / TCode - OOSB)
2/ By assigning the profile to the Position (In OM)
Revert if you have any questions
Good Luck...!
KK
Hi
FYI
Introduction
In Human Resources, authorizations play a significant role since access to HR data must be strictly controlled. There are two main ways to set up authorizations for SAP Human Resources: You can set up general authorizations that are based on the SAP-wide authorization concept or you can set up HR-specific structural authorizations that check by organizational assignment if a user is authorized to perform an activity.
The structural profile determines which object in the organizational structure the user has access to.
The general profile determines which object data (infotype, subtype) and which access mode (Read, Write, ...) the user has for those objects.
In contrast to general authorization profiles, which are assigned using the Profile Generator (PFCG
transaction), you use table T77UA (User Authorizations = Assignment of Profile to User) to assign tructural profiles.
Structural profiles use the data model of the Organizational Management to build hierarchies using objects and relationships.
Steps to implement Structural Authorization
Let‟s take a business scenario to understand how structural authorization works. The scenario is as follows:
u201CUser SMITH is the chief of org. unit 00000220 u201CExecutive Board u2013Italyu201D and he should be allowed to access data of those employees who belongs to this org. unit.
The following section will tell you how this requirement can be addressed in SAP using structural authorization.
1. Step1: Maintain structural authorization profile in view T77PR
By entering a specific evaluation path (O-S-P in this example) in the field u201EEval. Path‟, you can determine that the user is only authorized to access objects along this evaluation path.
Evaluation paths "collect" objects from a start object in an existing structure according to their definition: The definition of an evaluation path determines the start object and which object types using which relationships are selected. Few more fields which you can enter in this view:
a. Period - In this field, you can define the profile according to the validity period of the structure. You
can enter the following options: Key date, all, and different periods such as current year, current
month and so on. If you select the entry D (current day), the structural authorization is limited to the structures valid on the current day.
b. Function Module - You can use this field to specify a function module that determines the root object dynamically at runtime.
The advantage of using function modules is that each time you define an authorization profile, the function module generates a user-specific profile for each user at runtime.
If a manager changes department, for example, the corresponding profile in the T77PR table
(Definition of Authorization Profiles) does not need to be changed.
O stands for
Org Unit
Org Unit Id
(Root object)
Following function modules are delivered in the standard system:
- RH_GET_MANAGER_ASSIGNMENT (Determine Organizational Units for Manager)
- RH_GET_ORG_ASSIGNMENT (Organizational Assignment)
c. Depth (Display Depth)
You can use this field to determine which level of a hierarchical structure a user is authorized to access.
2. Step2: Assign structure authorization profile to user in view T77UA
Impact of Structural Authorization on SAP HR Transactions
u2022The below screen shows the complete organization hierarchy of an organization using transaction PPOME.
Figure1: Complete Organization hierarchy for a IDES company
u2022When user SMITH logs on to the system and looks for the organization hierarchy using transaction
PPOME, it will look like as show below.
Figure2: Organization hierarchy for organization unit 00000220
You can easily notice that SMITH can only view organization hierarchy for organization unit 00000220 and not the complete organization hierarchy. Org hierarchy of org. unit 00000220
u2022When user SMITH tries to look for master data for personnel no. 1, he will get an error as shown in
the screen-shot below. Reason: Personnel no. 1 is not a part of org hierarchy 00000220.
Figure3: HR Master Data screen
u2022User SMITH will get an error if he wants to read employee 00000001 data using FM u201CHR_READ_INFOTYPEu201D as shown in the screen-shot below.
Figure5: Function module execution via SE37 transaction
u2022When user SMITH tries to look for details of position 50006025, he will get an error as shown in the screen-shot below. Reason: Position 50006025 is not a part of org hierarchy 00000220.
Figure4: Screen to maintain PD Objects
BADI for HR Authorization Checks
You can implement a customer-specific test procedure for general and structural authorization checks using a Business Add-In (BADI). The BADI for the structural authorization check is called HRBAS00_STRUAUTH.
Regards,
Prasad
User | Count |
---|---|
104 | |
12 | |
11 | |
6 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.