If you have requirements that cannot be mapped using the
P_ORGINCON
and
P_ORGXXCON
authorization objects (for example, because you want to build your authorization checks on additional fields of the
Organizational Assignment
infotype (0001) that are customer-specific) and if you want to implement the
context solution
, you can include an authorization object in the authorization checks yourself.
In the standard system, the check of this object is not active. You can use the AUTSW NNCON authorization main switch to control the use of the customer-specific authorization object.
A customer-specific authorization object for the context solution must contain the following fields:
Authorization Field |
Long Text |
---|---|
INFT Y |
Infotype |
SUBT Y |
Subtype |
AUTH C |
Authorization Level |
PROF L |
Authorization Profile |
The PROFL field is used to determine which structural profiles the user is authorized to access. Note that you can only enter structural profiles that are assigned to the user in table T77UA (
User Authorizations = Assignment of Profile to User
) in this field.
Note
If you use the HRBAS00_GET_PROFL (BAdI: Define Assigned Structural Profiles) Business Add-In (BAdI), you do not have to maintain the entries in table T77UA. This BAdI enables you to implement an alternative determination of structural profiles.
You can use any of the fields in the
Organizational Assignment
infotype (0001) or in the PA0001 structure for the rest of the fields. You can also use customer-specific additional fields as long as they are CHAR or NUMC type fields.
In addition, you can use the following fields:
TCD
: This field is always filled with the current transaction code (
SY-TCODE
). Note that when you use this authorization object in reports, the TCD field is filled with the name of the transaction that calls the report and not with the report name.
INFSU
: This field is 8 characters long. The first 4 characters contain the infotype, the last 4 characters the subtype.
To create a customer-specific authorization object, you can use the RPUACG00 report.
Note
Note that if you use customer-specific authorization objects, you must maintain these objects in transaction SU24 in the same way as you maintain the authorization objects P_ORGIN (
HR: Master Data
), P_ORGXX (
HR: Master Data – Extended Check
), and P_PERNR (
HR: Master Data – Check by Personnel Number
).
See also: