Background documentation Authorization Objects 

In certain contexts, you may need several authorizations to perform an operation in the SAP system. The resulting contexts can be very complex. The SAP authorization concept has been realized on the basis of authorization objects to provide an understandable and easy-to-follow procedure. Several system elements that are to be protected form an authorization object.

Authorization objects enable complex checks of an authorization that allows a user to carry out an action. An authorization object groups up to ten authorization fields that are checked in an AND relationship.

For an authorization check to be successful, all field values of the authorization object must be maintained in the user master data.

Authorization objects are assigned to object classes for purposes of clarity. The authorization objects for mySAP HR belong to the HR (Human Resources) object class.

You can display or edit the authorization objects and their fields using transaction SU21. You can also use this transaction to create new object classes and authorization objects.

The authorization objects of the HR (Human Resources) object class have, as with all SAP authorization objects, up to ten fields, which are read by the system during an authorization, check.

Example

The P_ORGIN object (HR: Master Data) used in the standard system consists of the following fields:

Authorization Field

Long Text

INFTY

Infotype

SUBTY

Subtype

AUTHC

Authorization Level

PERSA

Personnel Area

PERSG

Employee Group

PERSK

Employee Subgroup

VDSK 1

Organizational Key

 

INFTY: Infotype Number

SUBTY: Subtype Number

AUTHC: Authorization Level

WERKS: Personnel Area

PERSG: Employee Group

PERSK: Employee Subgroup

VDSK1: Organizational Key

You can therefore assign authorizations for personnel data in Human Resources at infotype/subtype level according to the employee’s personnel area, employee group, employee subgroup, and organizational key.

The following sections describe the authorization objects for the HR (Human Resources) object class and selected authorization objects from the BC_A (Basis - Administration) object class that also play an important part in mySAP HR.

Note

In most cases, the individual fields of the authorization objects are described by means of examples. An exception to this is the field that contains the access authorization for an authorization object (normally AUTHC or ACTVT). This field or in other words fields that are based on a special logic are described in more detail for each authorization object.

Authorization objects for the HR object class:

·  P_CH_PK (HR-CH: Pension Fund: Account Access)

·  P_DE_BW (HR-DE: Statements SAPScript)

·  P_DK_PBS (HR-DK: Authorization Check for Access to PBS Company)

·  P_PYEVDOC (HR: Posting Document)

·  P_OCWBENCH (HR: Activities in the Off-Cycle Workbench)

·  P_BEN (HR: Benefit Area)

·  P_CATSXT (HR: Time Sheet for Service Providers Type/ Level Check)

·  P_PE01 (HR: Authorization for Personnel Calculation Schemas)

·  P_PE02 (HR: Authorization for Personnel Calculation Rule)

·  P_HRF_INFO (HR: Authorization Check InfoData Maintenance for HR Forms)

·  P_HRF_META (HR: Authorization Check Master Data Maintenance for HR Forms)

·  P_CERTIF (HR: Statements)

·  P_APPL (HR: Applicants)

·  P_PYEVRUN (HR: Posting Run)

·  P_PCLX (HR: Clusters)

·  P_DBAU_SKV (HR: DBAU: Construction Pay Germany – Social Fund Procedure)

·  P_PCR (HR: Payroll Control Record)

·  P_ABAP (HR: Reporting)

·  P_ORGIN (HR: Master Data)

·  P_PERNR (HR: Master Data – Personnel Number Check)

·  P_ORGXX (HR: Master Data – Extended Check)

·  P_TCODE (HR Transaction Code)

·  P_USTR (HR: US Tax Reporter)

·  PLOG (Personnel Planning)

·  S_MWB_FCOD (BC-BMT-OM: Allowed Function Codes for Manager’s Desktop)

·  P_NNNNN (Customer-Specific Authorization Object)

·  P_ORGINCON (HR: Master Data with Context)

·  P_ORGXXCON (HR: Extended Check with Context)

·  P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)

The following authorization objects are also important for mySAP HR:

·  S_TABU_DIS (Table Maintenance (Using Standard Tools such as SM30))

·  S_TABU_CLI (Table Maintenance of Cross-Client Tables)

·  S_TABU_LIN (Authorization for Organizational Unit)

·  S_TMS_ACT (TemSE: Actions on TemSe Objects)

 

 

Leaving content frame