Show TOC

 Interaction of General and Structural Authorizations

If you use both structural and general authorizations, a user’s overall profile is determined from the intersection of his or her structural and general authorization profiles.

The structural profile determines which object in the organizational structure the user has access to. The general profile determines which object data (infotype, subtype) and which access mode (Read, Write, ...) the user has for those objects.

Example

An overall profile could be put together as follows:

The following authorizations or restrictions apply to a user who has the overall profile illustrated above:

  • The user has read authorization for positions S1 to SN in infotypes 1000 to 1010 (structural profile and 1/PLOG profile).

  • The user is not authorized to access organizational units with this profile since the user has no corresponding PLOG authorization.

  • The user has read authorization for persons P1 to PN in infotypes 0000 to 0007. (Structural Profile and Profile/P_ORGIN). The period of responsibility for persons is determined in accordance with the period of responsibility according to structural authorization. See Determining the Period of Responsibility According to Structural Authorization .

  • For the user to be able to access data on persons, you need to assign the user a corresponding PLOG authorization for persons. The infotype does not have to be specified. (Profile 2/PLOG)