Show TOC

 Process of the Authorization Check Using P_ORGIN, P_ORGXX and P_NNNNN

Call Parameters

A user attempts to call an employee’s infotype record. As a result, the authorization check is called using the following parameters:

LEVEL

Authorization Level

P0001

Data Record of the Organizational Assignment Infotype (0001)

INFTY

Infotype

SUBTY

Subtype

Process Flow

The system performs all the following steps of the authorization check.

  1. The ORGIN authorization main switch is evaluated.

  2. If the main switch is not activated, the authorization check returns authorized immediately.

  3. An authorization check takes place on the P_ORGIN authorization object:

AUTHORITY-CHECK OBJECT 'P_ORGIN'

ID 'INFTY' FIELD INFTY

ID 'SUBTY' FIELD SUBTY

ID 'AUTHC' FIELD LEVEL

ID 'PERSA' FIELD P0001-WERKS

ID 'PERSG' FIELD P0001-PERSG

ID 'PERSK' FIELD P0001-PERSK

ID 'VDSK1' FIELD P0001-VDSK1.

  1. If this check is successful ( SY-SUBRC = 0 ), the outcome is authorized .

  2. If this check is unsuccessful ( SY-SUBRC <> 0 ), the outcome is not authorized .

The check for P_ORGXX runs analogously. However, the ORGXX authorization main switch is evaluated and then the following check is processed:

AUTHORITY-CHECK OBJECT 'P_ORGXX'

ID 'INFTY' FIELD INFTY

ID 'SUBTY' FIELD SUBTY

ID 'AUTHC' FIELD LEVEL

ID 'SACHA' FIELD P0001-SACHA

ID 'SACHP' FIELD P0001-SACHP

ID 'SACHZ' FIELD P0001-SACHZ

ID 'SBMOD' FIELD P0001-SBMOD.

The NNNNN authorization main switch is evaluated for the customer-specific authorization object and then the form routine of the generated MPPAUTZZ include is processed.

There is no evaluation of an authorization main switch for the P_APPL authorization object (for applicants), since no such switch exists. The reason for this is that applicants do not normally take part in the structural authorization check and consequently, it is not desirable to switch off the checks of P_APPL. The following check is carried out for P_APPL:

AUTHORITY-CHECK OBJECT 'P_APPL'

ID 'INFTY' FIELD INFTY

ID 'SUBTY' FIELD SUBTY

ID 'AUTHC' FIELD LEVEL

ID 'PERSA' FIELD P0001-WERKS

ID 'APGRP' FIELD P0001-PERSG

ID 'APTYP' FIELD P0001-PERSK

ID 'VDSK1' FIELD P0001-VDSK1

ID 'RESRF' FIELD P0001-SACHP.

See also:

Flowchart of the Authorization Check Using P_ORGIN, P_ORGXX and P_NNNNN