This HR tip comes courtesy of Juliet Henry of EPI-USE America, who is speaking at our HR 2012 event, 6-8 June in Milan, Italy.
Quick review:
• Standard authorizations vs. structural authorizations
Standard HR authorizations define which transactions, infotypes, and subtypes the user can maintain and/or display
Standard HR authorization = WHAT the user can do
The structural authorization will grant access to personnel data for employees within a specific area of the organization
Structural authorization = WHO the user has access to
What’s new:
• A link is established between a standard HR authorization, which defines the infotypes and subtypes the user can maintain and/or display, and a structural authorization, which defines a group of employees within a specific area of the organization
• Standard HR authorizations can be linked to different structural authorizations, thereby granting distinct infotype access to separate groups of employees
• Multiple combinations of standard and structural authorizations can be defined within a single user role, so users no longer need more than one user ID to avoid context conflicts
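The effect of that link, as an added example: a simplified Python model, not SAP code and not part of the original tip. It compares a check where WHAT and WHO are evaluated independently with one where each authorization applies only to its linked profile. Profile names, personnel numbers and the sample role are constructed; infotypes 0008 (Basic Pay) and 0006 (Addresses) are used for illustration.

```python
# Simplified model of the checks described above; not SAP code.
# Profile names, personnel numbers and the sample role are constructed.
from dataclasses import dataclass

# Structural profiles (WHO): profile name -> personnel numbers it covers.
STRUCT_PROFILES = {
    "Z_OWN_TEAM": {"1001", "1002"},
    "Z_DIVISION": {"1001", "1002", "2001", "2002"},
    "ALL": {"1001", "1002", "2001", "2002", "3001"},
}

@dataclass(frozen=True)
class Auth:
    """One standard HR authorization (WHAT), optionally linked to a profile."""
    infotypes: frozenset
    levels: frozenset          # "R" = read, "W" = write
    profile: str = ""          # Authorization Profile field (context objects)

def grants(auth, infotype, level):
    return infotype in auth.infotypes and level in auth.levels

def check_without_context(auths, pernr, infotype, level):
    """WHAT and WHO are tested independently, so the profiles pool together."""
    what = any(grants(a, infotype, level) for a in auths)
    who = any(pernr in STRUCT_PROFILES[a.profile] for a in auths)
    return what and who

def check_with_context(auths, pernr, infotype, level):
    """An authorization counts only for people in its own linked profile."""
    return any(grants(a, infotype, level) and pernr in STRUCT_PROFILES[a.profile]
               for a in auths)

# Constructed role: maintain Basic Pay (0008) for the own team,
# display Addresses (0006) for the whole division.
MANAGER_ROLE = [
    Auth(frozenset({"0008"}), frozenset({"R", "W"}), "Z_OWN_TEAM"),
    Auth(frozenset({"0006"}), frozenset({"R"}), "Z_DIVISION"),
]

def over_privileged(auths, infotype, level):
    """Personnel numbers reachable only because the link is missing."""
    everyone = sorted(STRUCT_PROFILES["ALL"])
    return [p for p in everyone
            if check_without_context(auths, p, infotype, level)
            and not check_with_context(auths, p, infotype, level)]

if __name__ == "__main__":
    print("Extra write access to 0008:", over_privileged(MANAGER_ROLE, "0008", "W"))
```

Running `over_privileged` for each infotype and level in a role design lists the people who would gain unintended access if the same authorizations were assigned without context.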
Context-Sensitive Authorization Objects:
• P_ORGXXCON – HR: Master Data – Extended Check with Context
P_ORGXX with the additional field, Authorization Profile
Authorization Profile = link to structural authorizations
Must activate the XXCON authorization switch and deactivate the ORGXX authorization switch
• HR: Customer-Specific Authorization Check with Context
Customer-Specific Authorization Check with the additional field, Authorization Profile
Authorization Profile = link to structural authorizations
Must activate the NNCON authorization switch and deactivate the NNNN authorization switch
Fields comprising the Customer-Specific Authorization Check:
Authorization Level, Infotype, and Subtype – mandatory
Any other fields from IT 0001 Organizational Assignment, including custom fields
Transaction code (TCD) – optional
Infotype-subtype combination field (INFSU) – optional
Points to remember:
• If the user requires access to all objects and people in the organizational structure:
Use ALL in the Authorization Profile field instead of “*”
“*” results in unpredictable behavior in HCM Security
Do not delete the ALL Structural Profile in OOSP
• If custom or “Z” programs have not been coded using the logical database(s), and P_ORGIN authorization checks are instead coded individually in those programs, then the security checks will not work once security switches to P_ORGINCON
