Show TOC
Maintain
Profiles for Structural Authorization
In this step, you define the profiles relevant
for authorizations in Personnel Planning.
This step also includes settings you can make
to protect certain structures and substructures.
You can define authorization for the following
areas:
The following parameters and functions are also
available for the definition of authorization profiles:
You can specify an
evaluation path to determine that users are only authorized to access objects
in a certain evaluation path.
When you use an
evaluation path, you must complete the object ID field.
You can specify a
status vector to determine that a user only has access to objects whose
relationship infotype records have a particular status, for example, planned
or active status.
You can specify a
display depth to determine what level in a hierarchical structure a user may
access.
You can specify a
time period to determine that a profile is dependent on the validity period of
a structure. For example, by entering 'D' for the current day, you restrict
structural authorization to structures that are valid on the current
day.
If you make no entry
here (default is <Blank>), no validity restriction is set.
(See example
4)
You can specify a
function module in this field that dynamically determines a root object at
runtime. No entry may be made in the Object ID field in this case.
You must, however, specify a plan version and an object type.
The advantage of
using function modules is that when a root object is dynamically determined at
runtime, a user-specific profile is created. You only have to define one
authorization profile.
(See example
5)
The standard system
contains two function modules:
RH_GET_MANAGER_ASSIGNMENT (Determine organizational units for
managers)
This function module
determines as the root object the organizational unit to which the user is
assigned as manager via relationship A012 (is manager of).
This function module
works on the basis of a key date. It only finds organizational units of which
the user is 'manager' on the key date or during the period
specified.
RH_GET_ORG_ASSIGNMENT (Organizational assignment)
This function module
determines as the root object the organizational unit to which the user is
assigned organizationally.
You can also define profiles containing
maintenance authorization. You do so by selecting the editing type
Maintenance. This also enables the execution of function
codes that have a Maintenance indicator in table
T77FC.
The complete authorization is made up of basic
authorizations plus the structural authorization defined.
Example
The following examples only list fields
containing entries, not all fields.
Plan version:
"01"
The user is
authorized to access plan version "01".
Plan version:
"01"
Object type: "O"
(organizational unit)
The user is
authorized to access organizational units in plan version "01".
Plan version:
"01"
Object type:
"O"
Object ID: ID of an
organizational unit
Evaluation path:
"ORGEH" (organizational structure)
The user is
authorized to access organization units starting from a root object (object ID
entered) along the evaluation path "Organizational structure" in plan version
01.
Plan version:
"01"
Object type:
"O"
Period: "D" (current
day)
The user is
authorized to access organizational units in plan version "01" that are valid
on the current day.
Plan version:
"01"
Object type:
"O"
Object ID: "0" no
restriction set
Evaluation path:
"SBESX" (staff assignments along the organizational structure)
Function module:
"RH_GET_MANAGER_ASSIGNMENT"
The user is
authorized to access objects in plan version '01' found along the evaluation
path 'Positions along the organizational structure' starting from a root
object. The root object is determined by the function module. No entry may be
made in the 'Object ID' field.
Thus, the user has
authorization to access the organizational unit he or she manages and all
underlying objects in the evaluation path SBESX.
Activities
1. Create the
required profiles with authorizations by entering data in the relevant
fields.