Start of Content Area

Function documentation Context Solution Locate the document in its SAP Library structure

Use

The technical separation of general authorization profiles (based on authorization objects) and structural authorization profiles can cause context problems. This is due to the fact that you cannot add any number of structural and general authorization profiles required for different tasks (in different contexts) without overriding something.

You can use the context-sensitive realization of authorizations for HR master data (context solution) to avoid authorizations from being overridden. The context solution enables you to link individual general and structural authorization profiles to each other.

Integration

You can implement context authorization objects together with non-context authorization objects (see also Example Implementation of the Authorization Main Switches).

Prerequisites

You require the following technical settings for the context solution:

You can enter the settings of the authorization main switches using the OOAC transaction (HR: Authorization Main Switch). You find these settings in the Implementation Guide (IMG) for Personnel Administration under Tools ® Authorization Management ® Context Authorization Check ® Edit Context Authorization Main Switches.

Note

Note that it is possible to activate AUTSW ORGIN (HR: Master Data) with AUTSW XXCON (HR Master Data: Extended Check (Context)), or AUTSW ORGXX (HR Master Data: Extended Check) with AUTSW INCON (HR Master Data (Context)) simultaneously.

Features

The context solution creates a technical connection between general structural authorization profiles (based on authorization objects) and structural authorization profiles using special authorization objects (P_ORGINCON and P_ORGXXCON). These authorization objects differ from the master data authorization objects P_ORGIN and P_ORGXX in that they contain an additional field, PROFL, in which you can enter structural profiles.

This graphic is explained in the accompanying text

The context authorization objects enable users to perform as many roles as they want using a single user ID and without causing the current authorization profiles to be overridden.

Caution

Note that the structural profile assigned to a user is defined from the T77UA table (User Authorizations). Therefore, you should only enter structural profiles that have been entered in this table in the PROFL field (Authorization profile) of the context authorization objects for user master record maintenance. If you use the HRBAS00_GET_PROFL (BAdI: Define Assigned Structural Profiles) Business Add-In (BAdI), you do not have to maintain then entries in table T77UA. This enables you to implement an alternative definition of structural profiles by having the structural profiles defined from the user maser record (context authorization objects), for example.

Activities

  1. Maintain the context authorization objects you require using transaction SU21 or PFCG.
  2. Activate the appropriate context authorization main switch.

 

 

End of Content Area