Show TOC

 Context Solution


The technical separation of general authorization profiles (based on authorization objects) and structural authorization profiles can cause context problems . This is due to the fact that you cannot add any number of structural and general authorization profiles required for different tasks (in different contexts) without overriding something.

You can use the context-sensitive realization of authorizations for HR master data (context solution) to avoid authorizations from being overridden. The context solution enables you to link individual general and structural authorization profiles to each other.


You can implement context authorization objects together with non-context authorization objects (see also Example Implementation of the Authorization Main Switches ).


You require the following technical settings for the context solution:

  • Maintain the context authorization objects using transaction SU21 or PFCG (Role Maintenance):

  • Settings for the context authorization main switcher using table T77S0:

You can enter the settings of the authorization main switches using the OOAC transaction ( HR: Authorization Main Switch ). You find these settings in the Implementation Guide (IMG) for Personnel Administration under Start of the navigation path Tools Next navigation step Authorization Management Next navigation step Context Authorization Check Next navigation step Edit Context Authorization Main Switches. End of the navigation path

Note Note

Note that it is possible to activate AUTSW ORGIN ( HR: Master Data ) with AUTSW XXCON ( HR Master Data: Extended Check (Context) ), or AUTSW ORGXX ( HR Master Data: Extended Check ) with AUTSW INCON ( HR Master Data (Context) ) simultaneously.

End of the note.


The context solution creates a technical connection between general structural authorization profiles (based on authorization objects) and structural authorization profiles using special authorization objects ( P_ORGINCON and P_ORGXXCON ). These authorization objects differ from the master data authorization objects P_ORGIN and P_ORGXX in that they contain an additional field, PROFL , in which you can enter structural profiles.

The context authorization objects enable users to perform as many roles as they want using a single user ID and without causing the current authorization profiles to be overridden.

Caution Caution

Note that the structural profile assigned to a user is defined from the T77UA table (User Authorizations). Therefore, you should only enter structural profiles that have been entered in this table in the PROFL field (Authorization profile) of the context authorization objects for user master record maintenance. If you use the HRBAS00_GET_PROFL (BAdI: Define Assigned Structural Profiles) Business Add-In (BAdI) , you do not have to maintain then entries in table T77UA. This enables you to implement an alternative definition of structural profiles by having the structural profiles defined from the user maser record (context authorization objects), for example.

End of the caution.


  1. Maintain the context authorization objects you require using transaction SU21 or PFCG.

  2. Activate the appropriate context authorization main switch.