Use
The technical separation of general authorization profiles (based on authorization objects) and structural authorization profiles can cause
context problems. This is due to the fact that you cannot add any number of structural and general authorization profiles required for different tasks (in different contexts) without overriding something.You can use the context-sensitive realization of authorizations for HR master data (context solution) to avoid authorizations from being overridden. The context solution enables you to link individual general and structural authorization profiles to each other.
Integration
You can implement context authorization objects together with non-context authorization objects (see also
Example Implementation of the Authorization Main Switches).Prerequisites
You require the following technical settings for the context solution:
You can enter the settings of the authorization main switches using the OOAC transaction (HR: Authorization Main Switch). You find these settings in the Implementation Guide (IMG) for Personnel Administration under Tools ® Authorization Management ® Context Authorization Check ® Edit Context Authorization Main Switches.
Note that it is possible to activate AUTSW ORGIN (HR: Master Data) with AUTSW XXCON (HR Master Data: Extended Check (Context)), or AUTSW ORGXX (HR Master Data: Extended Check) with AUTSW INCON (HR Master Data (Context)) simultaneously.
Features
The context solution creates a technical connection between general structural authorization profiles (based on authorization objects) and structural authorization profiles using special authorization objects (
P_ORGINCON and P_ORGXXCON). These authorization objects differ from the master data authorization objects P_ORGIN and P_ORGXX in that they contain an additional field, PROFL, in which you can enter structural profiles.The context authorization objects enable users to perform as many roles as they want using a single user ID and without causing the current authorization profiles to be overridden.
Note that the structural profile assigned to a user is defined from the T77UA table (User Authorizations). Therefore, you should only enter structural profiles that have been entered in this table in the
Activities