Show TOC

 P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)


If you have requirements that cannot be mapped using the P_ORGINCON and P_ORGXXCON authorization objects (for example, because you want to build your authorization checks on additional fields of the Organizational Assignment infotype (0001) that are customer-specific) and if you want to implement the context solution , you can include an authorization object in the authorization checks yourself.

In the standard system, the check of this object is not active. You can use the AUTSW NNCON authorization main switch to control the use of the customer-specific authorization object.


A customer-specific authorization object for the context solution must contain the following fields:

Authorization Field

Long Text






Authorization Level


Authorization Profile

More Information About the Fields

The PROFL field is used to determine which structural profiles the user is authorized to access. Note that you can only enter structural profiles that are assigned to the user in table T77UA ( User Authorizations = Assignment of Profile to User ) in this field.

Note Note

If you use the HRBAS00_GET_PROFL (BAdI: Define Assigned Structural Profiles) Business Add-In (BAdI), you do not have to maintain the entries in table T77UA. This BAdI enables you to implement an alternative determination of structural profiles.

End of the note.

You can use any of the fields in the Organizational Assignment infotype (0001) or in the PA0001 structure for the rest of the fields. You can also use customer-specific additional fields as long as they are CHAR or NUMC type fields.

In addition, you can use the following fields:

  • TCD : This field is always filled with the current transaction code ( SY-TCODE ). Note that when you use this authorization object in reports, the TCD field is filled with the name of the transaction that calls the report and not with the report name.

  • INFSU : This field is 8 characters long. The first 4 characters contain the infotype, the last 4 characters the subtype.

To create a customer-specific authorization object, you can use the RPUACG00 report.

Note Note

Note that if you use customer-specific authorization objects, you must maintain these objects in transaction SU24 in the same way as you maintain the authorization objects P_ORGIN ( HR: Master Data ), P_ORGXX ( HR: Master Data – Extended Check ), and P_PERNR ( HR: Master Data – Check by Personnel Number ).

End of the note.

See also:

Context Authorization Check

Creating a Customer-Specific Authorization Object