Show TOC

 Example: Structural Authorization Profiles

Example 1

Field

Values

Plan Version

01

Authorization:

Due to the user’s authorization profile, he or she is authorized to access plan version 01.

Example 2

Field

Values

Plan Version

01

Object Type

O (Organizational Unit)

Authorization:

Due to the user’s authorization profile, he or she is authorized to access organizational units in plan version 01.

Example 3

Field

Values

Plan Version

01

Object Type

O (Organizational Unit)

Object ID

Organizational Unit ID

Evaluation Path

ORGEH ( Organizational Structure )

Authorization:

Due to the user’s authorization profile, he or she is authorized to access organizational units in plan version 01 from a root object (entry in the Object ID field, represented as O1 in the figure for example 6) along the Organizational Structure evaluation path.

Example 4

Field

Values

Plan Version

01

Object Type

O (Organizational Unit)

Object ID

Organizational Unit ID

Evaluation Path

ORGEH ( Organizational Structure )

Period

D (current day)

Authorization:

Due to the user’s authorization profile, he or she is authorized to access organizational units in the structure that is valid on the current day in plan version 01.

Example 5

Field

Values

Plan Version

01

Object Type

O (Organizational Unit)

Object ID

0 = no restriction

Evaluation Path

SBESX ( Staffing Assignments Along Organizational Structure )

Function Module

RH_GET_MANAGER_ASSIGNMENT

Authorization:

Due to the user’s authorization profile, he or she is authorized to access objects along the Staffing Assignments Along Organizational Structure evaluation path from a root object in plan version 01. The root object is determined in this case using the function module, that is no entry should be made in the Object ID field.

The user is then granted access authorization to the organizational unit he or she manages and to all lower-level objects along the SBESX evaluation path.

Example 6

Field

Values

Plan Version

01

Object Type

O (Organizational Unit)

Object ID

ID of an organizational unit that is subordinate to the organizational unit in example 3

Evaluation Path

ORGEH ( Organizational Structure )

Authorization:

This profile is required to not give a user that is to receive the authorization profile from example 3 authorization for the objects of a contained lower-level branch.

This authorization profile is assigned to the user in the same way as the authorization profile from example 3 in Customizing for authorizations under Start of the navigation path Personnel Management Next navigation step Organizational Management Next navigation step Authorization Management Next navigation step Structural Authorization Next navigation step Assign Structural Authorization, however, theExclusionindicator is also selected for the authorization profile created here. End of the navigation path

Within the assigned authorization profiles, the user is then authorized in plan version 01 starting from the root object of the authorization profile from example 3 (object O1 in following figure) to access all organizational objects along the Organizational Structure evaluation path, except for the branch with the organizational unit that is given as the root object in this structural profile in the Object ID field (represented as O4 in the following figure for this example). The user cannot access objects that are in the exclusion set, meaning that are within the excluded substructure.

See also:

Definition of Structural Authorizations