An authorization allows a user to perform a specific action on a specific object. You can define authorization checks to be performed for the nodes in a business object by adding authorization objects to the node. In this way, you can configure that only authorized users can access the data in search results or reporting.
To assign an authorization object to a PFCG role:
Go to transaction PFCG, enter the role name and choose Change.
In the Authorization tab, assign the authorization object in Maintain Authorization Data and Generate Profiles.
In GRC, the following types of authorization objects are available:
Authorization Object | Description |
---|---|
GRFN_ODP | Authorization check for HR objects based on entity and object ID |
GRFN_ODP_C | Authorization check for special HR objects with complex IDs |
GRFN_ODP_E | Entity level authorization check for non-HR objects |
GRFN_ODP_R | Authorization check for regulation specific entities |
GRFN_ODPRC | Authorization check for complex ID and regulation specific entities |
Note
Ad-hoc Issue and Policy use role-user assignment authorization. The assignment information is stored in table GRFNROLEASSNMT.
Some objects contain special entity IDs that cover two HR object types. In such cases, the object ID length of these entities are extended to 9, allowing one extra character for identification. These objects use the special complex ID authorization check GRFN_AUTH_C. The following is a list of special HR objects that uses complex ID authorization check.
Object Type | Object ID Format | Example | Description |
---|---|---|---|
Activity | 8 digit number + S | 50****01S | Activities mapped from subprocess |
8 digit number | 50****01 | Newly created activities | |
Activity Category | 8 digit number + X | 50****01X | Activity categories mapped from subprocess |
8 digit number | 50****01 | Newly created activity categories | |
Control | L + 8 digit number | L50****01 | Local change allowed controls |
8 digit number | 50****01 | Local change not allowed controls | |
Risk | 8 digit number + X | 50****01X | Risk template |
8 digit number | 50****01 | Local risk |