01:19:48
Hi ,
As suggested i tried below ways.
Case1 Task A : Maintained the Switches in OOAC as below.
AUTSW ADAYS 15 HR: Tolerance Time for Authorization Check
AUTSW APPRO 0 HR: Test Procedures
AUTSW DFCON 0 HR: Default Position (Context)
AUTSW INCON 0 HR: Master Data (Context)
AUTSW NNCON 0 HR:Customer-Specific Authorization Check (Context)
AUTSW NNNNN 0 HR: Customer-Specific Authorization Check
AUTSW ORGIN 1 HR: Master Data
AUTSW ORGPD 1 HR: Structural Authorization Check
AUTSW ORGXX 0 HR: Master Data - Extended Check
AUTSW PERNR 1 HR: Master Data - Personnel Number Check
AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)
Just switched P_ORGIN , P_PERNR and ORGPD.
In this case the pernr number (8-is assigned to OM Struture).
As per the above settings i am able to restrict the HR Admin from doing any activity on pernr ( 8 ) data .
Task B: I have removed the structural profile to the HR Admin and tried to modify the data of other emps. HR Admin was not
able to view (even though the personal area,sub area etc covered in the role authorizations) any emps data except his own
data.
Reason what i assume is in OOAC the structural auth check (ORGPD) activated,hence its checking whether structural profile is assigned to user or not ?. Please correct me,if i am wrong.
Case 2 : I have changed the settings in OOAC and maintained as mentioned below. ( switched off ORGPD and switched on
P_ORGINCON)
AUTSW ADAYS 15 HR: Tolerance Time for Authorization Check
AUTSW APPRO 0 HR: Test Procedures
AUTSW DFCON 0 HR: Default Position (Context)
AUTSW INCON 1 HR: Master Data (Context)
AUTSW NNCON 0 HR:Customer-Specific Authorization Check (Context)
AUTSW NNNNN 0 HR: Customer-Specific Authorization Check
AUTSW ORGIN 1 HR: Master Data
AUTSW ORGPD 0 HR: Structural Authorization Check
AUTSW ORGXX 0 HR: Master Data - Extended Check
AUTSW PERNR 1 HR: Master Data - Personnel Number Check
AUTSW XXCON 0 HR: Master Data - Enhanced Check (Context)
And added P_ORGINCON manually in the role , maintained auth values and strutual profile in it.
As per the settings above i am able to restrict the HR Admin from doing any activity on pernr (8) data .
Hence my assumption is settings in Task1 (CASE 1) and in CASE2 gives the same results as expected.
Conclusion :
If we dont want to use P_ORGINCON (contains Structural profile as field) we can go for OOAC settings as mentioned in TASK1
.Otherwise we can go for Case2 seetings.
Please correct me ,if i am wrong.
Case 3 : I have Defined Strutual profile as below in OOSP.
Profile No. PV OT RootObType ObjectID Maintained
HRADMIN_US 1 1 O 50000113 O-S-P
HRADMIN_US 2 1 O 50000116 O-S-P X
HRADMIN_US 3 1 O 50000117 O-S-P X
There are totally 3 org units. for the last 2 Org units i have given maintenance activity (X).
The HR Admin comes user The first Org Unit (50000113) for which the Maintenance activity not given.
Under this HR Admin Org unit (50000113) ,2 positions are there, One is occupied by this HR Admin (pernr 7) and other is by
Assistant HR Admin (pernr 11).
But this HR Admin not able to edit the Assistant HR Admin data . Does this bcz we did not check the maintenance button for
this org unit in Structural profile ???( even though we give Write/Edit Access in the role) ?
Please correct me ,if i am wrong. And how the HR Admin can able to edit his own data (does P_PERNR is by passing all these
auth checks?).
Regards,
Venu.