The general authorization check for
mySAP HR
controls access to
Human Resources
infotypes .
This authorization type applies to the general SAP authorization check, which is set up using the transaction PFCG. The authorization objects that are used only in
mySAP HR
are HR-specific authorization objects.
Authorizations are defined by authorization objects . An authorization object specifies the fields that occur in an authorization. The system checks if a user has the corresponding authorization for certain field specifications in the user master record.
Authorizations are grouped together in authorization profiles .
A user’s authorizations for the different authorization objects in the system are determined from the authorization profiles assigned to the user in the master data record.
There are a number of authorization objects you can use to define authorizations for
mySAP HR
. You can call up these authorization objects using transaction SU21 (HR object class) in the SAP system. For more information, see
Authorization Objects
.
The authorization main switch controls the use of authorization objects. For more information about the authorization main switches, see HR: Authorization Main Switches .
In addition to the authorization objects and the main authorization switches, the following technical aspects are important for general authorizations in mySAP HR:
Authorization Level ( AUTHC field) – this field controls the access mode (read, write, ...) in HR authorization objects. It can have different specifications according to the authorization object.
Organizational Key ( VDSK1 field) – this field is only contained in the P_ORGIN authorization object. You can use this object to carry out a differentiated authorization check by organizational assignment.
Control Mechanisms (Double Verification Principle, Test Procedures, etc.)
For a description of the process of general authorization checks in mySAP HR (and of all relevant substeps in this process), see Processes and Flowcharts of the Authorization Check .
For general information about setting up authorizations for SAP applications, see Setting up General Authorization Checks .
The following examples demonstrate how you can accommodate simple authorization requirements for the general authorization check: