topic Re: PPOCE authorization in Application Development and Automation Discussions

PPOCE authorization

Former Member — Mon, 23 Apr 2007 16:38:39 GMT

can we give authorization in this transaction PPOCE

if there is a organisational structure,can i give authorization such that a user can assign only certain positions i.e; if he tries to assign work to certain positions- it shud say no access allowed.can we do it?????

if so wat is the authorization object and how do i it.kindly help if u know

thanks

renjy

Re: PPOCE authorization

manohar_kappala2 — Mon, 23 Apr 2007 17:34:59 GMT

Hi,

PPOCE is for creation of the root org unit and not for maintaining.

Perhaps you might be referring to PPOME.

You can control the access to the transaction as the you wanted by using

Role+Structural Authorizations.

In the role u need to give S_TCODE and P_TCODE with PPOME

The in the Auth Object PLOG

give infotype 1001

Planning status as per your sytem

Object Type P(position) and WI (work item)

Plan Version as per your system normally current plan is choosen.

Function Code DISP, INSE, COPY,AEND

Subtype you need to know the way these two are related (like A/B030, A/B007 etc) for this you need to trace and obtain that value.

Now this give access to Add a Work item to a position.

But for controlling this to a set of positions

create a PD profile (tcode oosp) with relevant evaluation path and attach that to a user ID (OOSB) . Then the user will be appropriately controlled.

Hope this helps

Cheers Manohar

Message was edited by:

Manohar Kappala

Re: PPOCE authorization

Former Member — Wed, 25 Apr 2007 09:44:36 GMT

thanks manohar for ur help i ll try it,i have awarded points

Re: PPOCE authorization

Former Member — Wed, 25 Apr 2007 22:42:24 GMT

Hi Manohar,

Would you please send me complete step with two three example of HR security with two three roles created one. what is the difference between regular HR authorizaiton and structural authorization. So please send me to this email address happyman336@yahoo.com

Thanks

Happy

Re: PPOCE authorization

Former Member — Thu, 26 Apr 2007 09:27:51 GMT

if u do send a reply to happyman sent a copy of that to this maid too renjyverghese@gmail.com

Re: PPOCE authorization

Former Member — Thu, 26 Apr 2007 19:23:23 GMT

Hi,

Gurus, I didn't received mail to me please let me knwo

Thanks

Re: PPOCE authorization

former_member74904 — Fri, 27 Apr 2007 13:51:16 GMT

the difference between structural and 'standard' authorization is most easily described as follows:

the IT0001 (organizational assignment) screen is divided into 2 parts: enterprise structure and organizational structure.

the enterprise structure is what usually can be authorized through standard authorization (e.g. P_ORGIN --> personnel (sub)area, employee(sub)group, etc)

sometimes authorizing employees through these enterprise entities can lead to being authorized for too large a part of the HR population.

in this case it could be helpful to further restrict access with help of a structural profile.

if we were to take the following structural profile as an example :

(look in Tcode OOSP for fieldnames)

ZEXAMPLE  |  10  |  01  | O  |  5xxxxxxx  |  x  |  O-S-P  |  12  |

(all other fields can be left blank)

so, the combination of the standard role (e.g. where the user is authorized for personnel area 1000) with this structural profile will delimit access to only employees within pers. area 1000 but who should also be 'under' organizational unt 5xxxxxxx. If one of these prerequisites is not met, the user won't be authorized.

with authorizations setup this way, plus the additional PLOG authorization mentioned in the above post, the user will only be allowed to maintain positions within the org. unit (5xxxxxxx) entered in the structural profile.

hope this helps a little...

Re: PPOCE authorization

manohar_kappala2 — Fri, 27 Apr 2007 13:57:44 GMT

Hi,

was caught up in project work will try to reply u soon