Hierarchy
SAP_HRGXX (Software Component) Sub component SAP_HRGXX of SAP_HR⤷
PE-RPL (Application Component) Room Reservation Management⤷
PP5C (Package) Room Reservations Planning - Customizing
IMG Activity
| ID | SIMG_OHP4OOSP | Maintain Profiles |
| Transaction Code | S_AHR_61005083 | IMG Activity: SIMG_OHP4OOSP |
| Created on | 19981221 | |
| Customizing Attributes | SIMG_OHP4OOSP | Maintain Profiles |
| Customizing Activity | SIMG_OHP4OOSP | Maintain Profiles |
Document
| Document Class | SIMG | Hypertext: Object Class - Class to which a document belongs. |
| Document Name | SIMG_OHP4OOSP |
In this step, you define the authorization profiles relevant for authorizations in Personnel Planning.
This step also includes settings you can make to protect certain structures and substructures.
You can define authorization for the following areas:
- Plan versions
- Object types
- Object IDs
The following parameters and functions are also available for the definition of authorization profiles:
- Evaluation paths
You can specify an evaluation path to determine that users are only authorized to access objects in a certain evaluation path.
When you use an evaluation path, you must complete the object ID field.
- Status vectors
You can specify a status vector to determine that a user only has access to objects whose relationship infotype records have a particular status, for example, planned or active status.
- Display depth
You can specify a display depth to determine what level in a hierarchical structure a user may access.
- Period
You can specify a time period to determine that a profile is dependent on the validity period of a structure. For example, by entering 'D' for the current day, you restrict structural authorization to structures that are valid on the current day.
If you make no entry here (default is <Blank>), no validity restriction is set.
(See example 4)
- Function module:
You can specify a function module in this field that dynamically determines a root object at runtime. No entry may be made in the Object ID field in this case. You must, however, specify a plan version and an object type.
The advantage of using function modules is that when a root object is dynamically determined at runtime, a user-specific profile is created. You only have to define one authorization profile.
(See example 5)
The standard system contains two function modules:
RH_GET_MANAGER_ASSIGNMENT (Determine organizational units for managers)
This function module determines as the root object the organizational unit to which the user is assigned as manager via relationship A012 (is manager of).
This function module works on the basis of a key date. It only finds organizational units of which the user is 'manager' on the key date or during the period specified.
RH_GET_ORG_ASSIGNMENT (Organizational assignment)
This function module determines as the root object the organizational unit to which the user is assigned organizationally.
You can also define profiles containing maintenance authorization. You do so by selecting the editing type Maintenance. This also enables the execution of function codes that have a Maintenance indicator in table T77FC.
The complete authorization is made up of basic authorizations plus the structural authorization defined.
Example
The following examples only list fields containing entries, not all fields.
- Example 1:
Plan version: "01"
The user is authorized to access plan version "01".
- Example 2:
Plan version: "01"
Object type: "O" (organizational unit)
The user is authorized to access organizational units in plan version "01".
- Example 3:
Plan version: "01"
Object type: "O"
Object ID: ID of an organizational unit
Evaluation path: "ORGEH" (organizational structure)
The user is authorized to access organization units starting from a root object (object ID entered) along the evaluation path "Organizational structure" in plan version 01.
- Example 4
Plan version: "01"
Object type: "O"
Period: "D" (current day)
The user is authorized to access organizational units in plan version "01" that are valid on the current day.
- Example 5:
Plan version: "01"
Object type: "O"
Object ID: "0" no restriction set
Evaluation path: "SBESX" (staff assignments along the organizational structure)
Function module: "RH_GET_MANAGER_ASSIGNMENT"
The user is authorized to access objects in plan version '01' found along the evaluation path 'Positions along the organizational structure' starting from a root object. The root object is determined by the function module. No entry may be made in the 'Object ID' field.
Thus, the user has authorization to access the organizational unit he or she manages and all underlying objects in the evaluation path SBESX.
Activities
- Create the required profiles with authorizations by entering data in the relevant fields.
Business Attributes
| ASAP Roadmap ID | 209 | Establish Authorization Management |
| Mandatory / Optional | 2 | Optional activity |
| Critical / Non-Critical | 1 | Critical |
| Country-Dependency | A | Valid for all countries |
Assigned Application Components
| Documentation Object Class | Documentation Object Name | Current line number | Application Component | Application Component Name |
|---|---|---|---|---|
| SIMG | SIMG_OHP4OOSP | 0 | PH40000007 | Room Reservation Management |
Maintenance Objects
| Maintenance object type | C | Customizing Object |
| Assigned objects | ||||||
|---|---|---|---|---|---|---|
| Customizing Object | Object Type | Transaction Code | Sub-object | Do not Summarize | Skip Subset Dialog Box | Description for multiple selections |
| T77PQ | C - View cluster | OOSP | PERPL001PH | Authorization Profiles |
History
| Last changed by/on | SAP | 19981221 |
| SAP Release Created in |
