Show TOC

 General Authorization Check


The general authorization check for mySAP HR controls access to Human Resources infotypes .


This authorization type applies to the general SAP authorization check, which is set up using the transaction PFCG. The authorization objects that are used only in mySAP HR are HR-specific authorization objects.


Authorizations are defined by authorization objects . An authorization object specifies the fields that occur in an authorization. The system checks if a user has the corresponding authorization for certain field specifications in the user master record.

Authorizations are grouped together in authorization profiles .

A user’s authorizations for the different authorization objects in the system are determined from the authorization profiles assigned to the user in the master data record.

There are a number of authorization objects you can use to define authorizations for mySAP HR . You can call up these authorization objects using transaction SU21 (HR object class) in the SAP system. For more information, see Authorization Objects .

The authorization main switch controls the use of authorization objects. For more information about the authorization main switches, see HR: Authorization Main Switches .

In addition to the authorization objects and the main authorization switches, the following technical aspects are important for general authorizations in mySAP HR:

For a description of the process of general authorization checks in mySAP HR (and of all relevant substeps in this process), see Processes and Flowcharts of the Authorization Check .


For general information about setting up authorizations for SAP applications, see Setting up General Authorization Checks .


The following examples demonstrate how you can accommodate simple authorization requirements for the general authorization check: