Technical Aspects of Authorization Checks (SAP Library)

Technical Aspects of Authorization Checks

This section describes the technical background of authorization checks.

Control of HR Authorization Checks

In the standard system, you require an authorization for the Personnel area, Employee group, Employee subgroup, and Organizational key fields in infotype 0001 Organizational Assignment. The organizational key can be assigned independently and may include content from other fields contained in the infotype Organizational Assignment (0001). This field is particularly useful for controlling HR authorization checks if the Personnel area, Employee group, and Employee subgroup fields are insufficient.

If you cannot use the standard authorization checks for HR master data and infotypes for your enterprise-specific requirements, you can use one of the following methods to define a suitable authorization check:

Modify the standard SAP authorization check. Use the Code Generation for HR Master Data Authorization Validation program (RPUACG00).

Please note that this program changes central HR routines and that such modifications are always time-consuming. Do not change the existing HR: master data object (P_ORGIN). Instead, make a copy of the object and change the copy.

Define a modification-free authorization check using the HR: Authorization Check Business Add-In (HRPAD00AUTH_CHECK).

For more information on setting up Business Add-Ins, see the Implementation Guide for Personnel Administration under Tools ® Authorization Management ® BAdI: Set Up Customer-Specific Authorization Check.

Time-Dependency of the Authorization Check

The tolerance time quoted in the section Time Dependency of the Authorization Check can be edited using the transaction HR: Authorization Main Switch (OOAC). The tolerance time increases the administrator's validity period. The tolerance time is set to 15 days in the standard system.