Process of Determining the Period of Responsibility According to (SAP Library

Process of Determining the Period of Responsibility According to Organizational Structure

Call Parameters

The determination of the period of responsibility is called up using the following parameters:

LEVEL	Authorization Level
TCLAS	Transaction Class = Difference Personnel Number/Applicant Number
PERNR	Personnel Number (or Applicant Number)
INFTY	Infotype
SUBTY	Subtype

Process Flow

The system performs all the following steps of this process.

The ORGPD authorization main switch is evaluated. If the switch is deactivated, January 1, 1800 to December 31, 9999 is returned as the period of responsibility and the check is ended.

If the current access check is for write access to the Reference Personnel Numbers infotype (0031), January 1, 1800 to December 31, 9999 is set as the period of responsibility and the check is ended prematurely. (This situation never occurs for applicant numbers.)

The period of responsibility is determined according to the structural authorization profiles (the T77UA table – User Authorizations and the T77PR table - Definition of Authorization Profiles).

The default position is determined (T77SO table – System Tables, PLOGI PRELI entry). If the default position cannot be determined (for example, because no entry was found in the T77S0 table), it is not possible to perform the comparisons of position and default position listed below. In this case, the comparisons always return the result is unequal.

The organizational assignments of the personnel number are imported (data records of the Organizational Assignment infotype – 0001).

The following steps are carried out for each organizational assignment (data record of infotype 0001):

If the position and default position do not concur, the organizational assignment is not evaluated further and the system moves to the next organizational assignment.

If the position and default position concur, the organizational assignment is further evaluated.

If an organizational unit can be determined from the organizational assignment and if the evaluation of the organizational unit is desirable (specification 1 or 3 of the ORGPD authorization main switch), the system checks whether the user is authorized to access the organizational unit for the validity period of the organizational assignment according to the structural authorization profiles:

If the user is not authorized to access the organizational unit, the organizational assignment is not evaluated further and the system moves to the next organizational assignment.
If the user is authorized to access the organizational unit, the validity period of the organizational assignment is added to the period of responsibility.

If no organizational unit can be determined from the organizational assignment or if the evaluation of the organizational unit is not desirable (specification 2 or 4 of the ORGPD authorization main switch), the default case occurs:

If the authorization should be denied in the default case (specification 1 or 2 of the ORGPD authorization main switch), the organizational assignment is not evaluated further and the system moves on to the next organizational assignment.

If the authorization should be granted in the default case (specification 3 or 4 of the ORGPD authorization main switch), the validity period of the organizational assignment is added to the period of responsibility.

When all the organizational assignments of the personnel number have been evaluated, the period of responsibility is returned.
If the period of responsibility is empty, not authorized is returned as the result of the check. Otherwise, the result is authorized.

Note

The specifications 1 or 2 of the ORGPD authorization main switch always deny access authorization in the default case, that is if the structural assignment of the authorization check is impossible. Consequently, a user can no longer access the personnel numbers affected in this case. Since the organizational structure for users with unrestricted structural authorization for personnel numbers is not evaluated, these users can access all personnel numbers. This is due to the fact that the period of responsibility of these users already had the maximum possible length before the subsequent evaluation of the organizational assignment.