Show TOC

  AUTHC (Authorization Level)


Field in authorization objects, which defines a user’s access mode (activity).


Authorization Level for Accessing Master Data:

The following authorization levels are possible for the P_ORGIN, P_ORGXX, and P_PERNR authorization objects and for the customer-specific authorization object, P_NNNNN:

  • R (Read) for read access

  • M (Matchcode) for read access to entry helps

  • W (Write) for write access

  • E (Enqueue) for write access using the Asymmetrical Double Verification Principle. E also enables you to create and change locked records

  • D (Dequeue) for write access using the Asymmetrical Double Verification Principle. D also enables you to change the lock indicator.

  • S (Symmetric) for write access using the Symmetric Double Verification Principle

  • * (all operations). * includes all authorization levels simultaneously, that is it has the same meaning as R , M , W , E , D and S .

Problems can arise in some programs when write authorizations exist but no read authorizations. To avoid this, you should always specify R along with the authorization levels W , E , D , and S .

This applies for authorizations with PSIGN = I in the P_PERNR authorization object. In certain cases, it is appropriate not to enter read authorizations for authorizations with PSIGN = E . This is not an exception to the rule. PSIGN = E can be used to deny authorizations, which is, of course, allowed. This can occur, for example, if you have specified an authorization using P_ORGIN and authorization level * , and then use P_PERNR to determine that the user should be authorized to display his or her own data but not change the data. In this case, you would specify an authorization for P_PERNR with AUTHC = W , E , D , S and PSIGN = E .

Authorization Level for Accessing Clusters:

The following authorization level specifications are possible for the P_PCLX (HR: Clusters) authorization object:

  • R (Read) for read access

  • U (Update) for write access. This includes the authorizations of authorization level S but not authorization level R

  • S (Simulation) to write data to internal buffer but not to database


You are probably familiar with the ACTVT ( Activity ) field from other components of the SAP system, not with the authorization level and wonder why ACTVT is not used in mySAP HR . The field is not used in mySAP HR because the authorization objects that contain the AUTHC field ( Authorization Level ) were already in use before it was decided to switch to the ACTVT field.The decision up until now has been to continue to use the AUTHfield to ensure existing customers remain compatible in this area and to avoid the adjustment and corresponding implementation that a switch would involve.