Authorization Objects
In certain contexts, you may need several authorizations to perform an operation in the SAP system. The resulting contexts can be very complex. The SAP authorization concept has been realized on the basis of authorization objects to provide an understandable and easy-to-follow procedure. Several system elements that are to be protected form an authorization object.
Authorization objects enable complex checks of an authorization that allows a user to carry out an action. An authorization object groups up to ten authorization fields that are checked in an AND relationship.
For an authorization check to be successful, all field values of the authorization object must be maintained in the user master data.
Authorization objects are assigned to object classes for purposes of clarity. The authorization objects for
mySAP HR
belong to the
HR (Human Resources)
object class.
You can display or edit the authorization objects and their fields using transaction SU21. You can also use this transaction to create new object classes and authorization objects.
The authorization objects of the
HR (Human Resources)
object class have, as with all SAP authorization objects, up to ten fields, which are read by the system during an authorization, check.
The
P_ORGIN
object (
HR: Master Data
) used in the standard system consists of the following fields:
Authorization Field |
Long Text |
|---|---|
INFTY |
Infotype |
SUBTY |
Subtype |
AUTHC |
Authorization Level |
PERSA |
Personnel Area |
PERSG |
Employee Group |
PERSK |
Employee Subgroup |
VDSK 1 |
Organizational Key |
INFTY:Infotype Number
SUBTY:Subtype Number
AUTHC:Authorization Level
WERKS:Personnel Area
PERSG:Employee Group
PERSK:Employee Subgroup
VDSK1:Organizational Key
You can therefore assign authorizations for personnel data in
Human Resources
at infotype/subtype level according to the employee’s
personnel area, employee group, employee subgroup,
and
organizational key
.
The following sections describe the authorization objects for the
HR (Human Resources)
object class and selected authorization objects from the
BC_A (Basis - Administration)
object class that also play an important part in
mySAP HR
.
In most cases, the individual fields of the authorization objects are described by means of examples. An exception to this is the field that contains the access authorization for an authorization object (normally AUTHC orACTVT). This field or in other words fields that are based on a special logic are described in more detail for each authorization object.
Authorization objects for the HR object class:
P_CH_PK (HR-CH: Pension Fund: Account Access)
P_DE_BW (HR-DE: Statements SAPScript)
P_DK_PBS (HR-DK: Authorization Check for Access to PBS Company)
P_PYEVDOC (HR: Posting Document)
P_OCWBENCH (HR: Activities in the Off-Cycle Workbench)
P_CATSXT (HR: Time Sheet for Service Providers Type/ Level Check)
P_PE01 (HR: Authorization for Personnel Calculation Schemas)
P_PE02 (HR: Authorization for Personnel Calculation Rule)
P_HRF_INFO (HR: Authorization Check InfoData Maintenance for HR Forms)
P_HRF_META (HR: Authorization Check Master Data Maintenance for HR Forms)
P_DBAU_SKV (HR: DBAU: Construction Pay Germany – Social Fund Procedure)
P_PCR (HR: Payroll Control Record)
P_PERNR (HR: Master Data – Personnel Number Check)
P_ORGXX (HR: Master Data – Extended Check)
S_MWB_FCOD (BC-BMT-OM: Allowed Function Codes for Manager’s Desktop)
P_NNNNN (Customer-Specific Authorization Object)
P_ORGINCON (HR: Master Data with Context)
P_ORGXXCON (HR: Extended Check with Context)
P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)
The following authorization objects are also important for
mySAP HR
:
S_TABU_DIS (Table Maintenance (Using Standard Tools such as SM30))
S_TABU_CLI (Table Maintenance of Cross-Client Tables)