Authorization Objects

In certain contexts, you may need several authorizations to perform an operation in the SAP system. The resulting contexts can be very complex. The SAP authorization concept has been realized on the basis of authorization objects to provide an understandable and easy-to-follow procedure. Several system elements that are to be protected form an authorization object.

Authorization objects enable complex checks with multiple conditions for an authorization that allows the user to perform an action. An authorization object groups up to ten authorization fields that are checked in an AND relationship.

For an authorization check to be successful, all field values of the authorization object must be maintained in the user master data.

Authorization objects are assigned to object classes for purposes of clarity. The authorization objects for mySAP HR belong to the HR (Human Resources) object class.

You can display or edit the authorization objects and their fields using transaction SU21. You can also use this transaction to create new object classes and authorization objects.

The authorization objects of the HR (Human Resources) object class have, as with all SAP authorization objects, up to ten fields that are read by the system during an authorization check.

The P_ORGIN object (HR: Master Data) used in the standard SAP system consists of the following fields:

| Authorization Field | Long Text           |
|---------------------|---------------------|
| INFTY               | Infotype            |
| SUBTY               | Subtype             |
| AUTHC               | Authorization level |
| PERSA               | Personnel area      |
| PERSG               | Employee group      |
| PERSK               | Employee subgroup   |
| VDSK1               | Organizational key  |

INFTY: Infotype number

SUBTY: Subtype number

AUTHC: Authorization level

WERKS: Personnel area

PERSG: Employee group

PERSK: Employee subgroup

VDSK1: Organizational key

You can therefore assign authorizations for HR data in Human Resources at infotype/subtype level according to the employee’s personnel area, employee group, employee subgroup, and organizational key.
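The AND relationship over the P_ORGIN fields can be modelled offline when reviewing role designs. The following Python sketch is an added example, not SAP code or part of the original documentation. It assumes that a check passes only when a single authorization covers every field, and all field values, the `wide` and `make_request` helpers, and the two sample authorizations are constructed for illustration.

```python
# Simplified model of the AND check over P_ORGIN fields (not SAP code).
P_ORGIN_FIELDS = ("INFTY", "SUBTY", "AUTHC", "PERSA", "PERSG", "PERSK", "VDSK1")


def value_covers(maintained, requested):
    """A maintained value covers a request if equal, '*', or a 'prefix*' pattern."""
    if maintained.endswith("*"):
        return requested.startswith(maintained[:-1])
    return maintained == requested


def failing_fields(authorization, request):
    """Fields of one authorization that do not cover the requested values."""
    return [f for f in P_ORGIN_FIELDS
            if not any(value_covers(v, request[f]) for v in authorization.get(f, ()))]


def authority_check(authorizations, request):
    """Pass only if ONE authorization covers ALL fields (AND within it)."""
    return any(not failing_fields(a, request) for a in authorizations)


def make_request(**values):
    """Constructed request; unspecified fields default to sample values."""
    base = {"INFTY": "0002", "SUBTY": "1", "AUTHC": "R", "PERSA": "1000",
            "PERSG": "1", "PERSK": "A1", "VDSK1": "KEY1"}
    return {**base, **values}


def wide(**values):
    """Constructed authorization: '*' in every field unless restricted."""
    return {**{f: ["*"] for f in P_ORGIN_FIELDS}, **values}


# Constructed user master data: two separate P_ORGIN authorizations.
USER_AUTHS = [
    wide(INFTY=["0002"], AUTHC=["R"], PERSA=["1000"]),
    wide(INFTY=["0008"], AUTHC=["R"], PERSA=["2000"]),
]

if __name__ == "__main__":
    for req in (make_request(),                 # one authorization covers all fields
                make_request(AUTHC="W"),        # AUTHC value not maintained
                make_request(INFTY="0008")):    # values split across authorizations
        print(req["INFTY"], req["AUTHC"], req["PERSA"],
              authority_check(USER_AUTHS, req))
```

The third request is denied in this model even though infotype 0008 and personnel area 1000 each appear somewhere in the user's authorizations, because no single authorization contains both. `failing_fields` shows which field blocks each authorization, which is the question a role reviewer usually needs answered.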

The following sections describe the authorization objects for the HR (Human Resources) object class and selected authorization objects from the BC_A (Basis - Administration) object class that also play an important part in SAP Human Resources.

In most cases, the individual fields of the authorization objects are described by means of examples. An exception to this is the field that contains the access authorization for an authorization object (normally AUTHC or ACTVT). This field or fields that are based on a special logic are described in more detail for each authorization object.

Authorization objects for the HR object class:

P_ABAP (HR: Reporting)

P_APPL (HR: Applicants)

P_BEN (HR: Benefit Area)

P_CATSXT (HR: Time Sheet for Service Providers Type/Level Check)

P_CERTIF (HR: Statements)

P_CH_PK (HR-CH: Pension Fund: Account Access)

P_DBAU_SKV (HR: DBAU: Construction Pay Germany – Social Fund Procedure)

P_DE_BW (HR-DE: Statements SAPScript)

P_DEL_PERN (Deletion of Personnel Numbers in Live Systems)

P_DK_PBS (HR-DK: Authorization Check for Access to PBS Company)

P_HAP_DOC (Appraisal Systems: Appraisal)

P_HRF_INFO (HR: Authorization Check InfoData Maintenance for HR Forms)

P_HRF_META (HR: Authorization Check Master Data Maintenance for HR Forms)

P_NNNNN (HR: Master Data: Customer-Specific Authorization Object)

P_NNNNNCON (HR: Master Data: Customer-Specific Authorization Object with Context)

P_OCWBENCH (HR: Activities in the Off-Cycle Workbench)

P_ORGIN (HR: Master Data)

P_ORGINCON (HR: Master Data with Context)

P_ORGXX (HR: Master Data – Extended Check)

P_ORGXXCON (HR: Extended Check with Context)

P_PCLX (HR: Clusters)

P_PCR (HR: Payroll Control Record)

P_PE01 (HR: Authorization for Personnel Calculation Schemas)

P_PE02 (HR: Authorization for Personnel Calculation Rule)

P_PERNR (HR: Master Data – Personnel Number Check)

P_PYEVDOC (HR: Posting Document)

P_PYEVRUN (HR: Posting Run)

P_TCODE (HR Transaction Code)

P_USTR (HR: US Tax Reporter)

PLOG (Personnel Planning)

S_MWB_FCOD (BC-BMT-OM: Allowed Function Codes for Manager’s Desktop)

The following authorization objects are also important for SAP Human Resources:

S_TABU_CLI (Table Maintenance of Cross-Client Tables)

S_TABU_DIS (Table Maintenance (Using Standard Tools Such as SM30))

S_TABU_LIN (Authorization for Organizational Unit)

S_TMS_ACT (TemSe: Actions on TemSe Objects)