Field in authorization objects, which defines a user’s access mode (activity).
The AUTHC field is used in the following authorization objects:
The following authorization levels are possible for the P_ORGIN, P_ORGXX, and P_PERNR authorization objects and for the customer-specific authorization object, P_NNNNN:
R (Read) for read access
M (Matchcode) for read access to entry helps
W (Write) for write access
E (Enqueue) for write access using the Asymmetrical Double Verification Principle. E also enables you to create and change locked records.
D (Dequeue) for write access using the Asymmetrical Double Verification Principle. D also enables you to change the lock indicator.
S (Symmetric) for write access using the Symmetric Double Verification Principle
* (all operations). * includes all authorization levels simultaneously, that is, it has the same meaning as R, M, W, E, D, and S.
Problems can arise in some programs when write authorizations exist but no read authorizations. To avoid this, you should always specify R along with the authorization levels W, E, D, and S.
This applies for authorizations with PSIGN = I in the P_PERNR authorization object. In certain cases, it is appropriate not to enter read authorizations for authorizations with PSIGN = E.
This is not an exception to the rule. PSIGN = E can be used to deny authorizations, which is, of course, allowed. This can occur, for example, if you have specified an authorization using P_ORGIN and authorization level *, and then use P_PERNR to determine that the user should be authorized to display his or her own data but not change the data. In this case, you would specify an authorization for P_PERNR with AUTHC = W, E, D, S and PSIGN = E.
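The rule above (R alongside W, E, D, and S, except where P_PERNR uses PSIGN = E) can be checked mechanically when reviewing roles. The following is an added example, not SAP code; the record layout and the role names are assumptions made for illustration.

```python
# Added example: flag AUTHC values that grant write levels without R.
# The record layout (role/object/AUTHC/PSIGN keys) and role names are
# constructed for illustration; they are not an SAP export format.

ALL_LEVELS = {"R", "M", "W", "E", "D", "S"}
WRITE_LEVELS = {"W", "E", "D", "S"}
# Objects the page lists for these levels; add your own P_NNNNN object name.
MASTER_DATA_OBJECTS = {"P_ORGIN", "P_ORGXX", "P_PERNR"}


def expand_authc(values):
    """Return the set of levels granted, expanding '*' to all six levels."""
    levels = set()
    for value in values:
        value = value.strip().upper()
        if value == "*":
            levels |= ALL_LEVELS
        elif value in ALL_LEVELS:
            levels.add(value)
        else:
            raise ValueError(f"unknown authorization level: {value!r}")
    return levels


def write_without_read(auth, objects=MASTER_DATA_OBJECTS):
    """Return the write levels granted without R, or [] if nothing to report."""
    if auth["object"] not in objects:
        return []
    # PSIGN = E on P_PERNR denies the listed levels, so R is not expected.
    if auth["object"] == "P_PERNR" and auth.get("PSIGN") == "E":
        return []
    levels = expand_authc(auth["AUTHC"])
    return [] if "R" in levels else sorted(levels & WRITE_LEVELS)


def audit(auths):
    """Return (role, object, levels) for every write-without-read finding."""
    return [(a["role"], a["object"], lv) for a in auths
            if (lv := write_without_read(a))]


SAMPLE = [  # constructed authorizations
    {"role": "Z_HR_CLERK", "object": "P_ORGIN", "AUTHC": ["W", "S"]},
    {"role": "Z_HR_ADMIN", "object": "P_ORGIN", "AUTHC": ["*"]},
    {"role": "Z_HR_ESS", "object": "P_PERNR", "AUTHC": ["W", "E", "D", "S"], "PSIGN": "E"},
    {"role": "Z_HR_SELF", "object": "P_PERNR", "AUTHC": ["E", "D"], "PSIGN": "I"},
]
```

Calling audit(SAMPLE) reports the clerk and self-service roles; the * authorization and the PSIGN = E exclusion are not flagged.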
The following authorization level specifications are possible for the P_PCLX (HR: Clusters) authorization object:
R (Read) for read access
U (Update) for write access. This includes the authorizations of authorization level S but not authorization level R.
S (Simulation) to write data to internal buffer but not to database
You are probably familiar with the ACTVT (Activity) field from other components of the SAP system, not with the authorization level, and wonder why ACTVT is not used in mySAP HR. The field is not used in mySAP HR because the authorization objects that contain the AUTHC field (Authorization Level) were already in use before it was decided to switch to the ACTVT field. The decision up until now has been to continue to use the AUTHC field to ensure existing customers remain compatible in this area and to avoid the adjustment and corresponding implementation that a switch would involve.