https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026389#M715609 <HTML><HEAD></HEAD><BODY><P>Hey Guys,</P><P></P><P>I have a requirement. For an example, I would like to restrict IT 0001 access for write access. A Manager should have read and write access to IT 0001 only for personnel#s under his org unit (for which he has a 'chief' position). For other personnel#s, he should have only read access for IT 0001.</P><P></P><P>We would like to use Context Solution (P_ORGINCON authorization object). I have created a PD profile with O-S-P evaluation path and RH_GET_MANAGER_ASSIGNMENT as function module.</P><P></P><P>In role, authorization object P_ORGINCON would be having following values (which gives read and write access to IT 0001 for Manager's org unit):</P><P></P><P>Authorization Level - R, M, W, E, D, S</P><P>Infotype - 0001 </P><P>Personnel Area - * </P><P>Employee Group - * </P><P>Employee Subgroup - * </P><P>Subtype - * </P><P>Organizational Key - * </P><P>Authorization Profile - PD_PROFILE_1</P><P></P><P>PD profile (PD_PROFILE_1) is restricted by RH_GET_MANAGER_ASSIGNMENT function module and so it gives list of personnel#s, a Manager is authorized for his org unit.</P><P></P><P>My questions:</P><P></P><P>1: For my requirement, what values should be in second authorization object, to have read only access for IT 0001 for all personnel#s? Do I have to use P_ORGINCON authorization object with Authorization Profile as '*'?</P><P></P><P>2: At the time of turning on HR switch (transaction OOAC, table T77S0) for INCON (HR: Master Data (Context)) to 1, do we have to turn off switch for ORGIN (HR: Master Data)?</P><P></P><P>3: If yes to question 2, do we have to update all transactions in SU24 to reflect P_ORGINCON for check/maintain instead of P_ORGIN? So, whenever we enter transaction code in a role thru PGCF, P_ORGINCON would be entered in authorization or it is not required.</P><P></P><P>Thanks,</P><P>Karan.</P></BODY></HTML> Thu, 25 Oct 2007 19:48:45 GMT Former Member 2007-10-25T19:48:45Z https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026389#M715609 <HTML><HEAD></HEAD><BODY><P>Hey Guys,</P><P></P><P>I have a requirement. For an example, I would like to restrict IT 0001 access for write access. A Manager should have read and write access to IT 0001 only for personnel#s under his org unit (for which he has a 'chief' position). For other personnel#s, he should have only read access for IT 0001.</P><P></P><P>We would like to use Context Solution (P_ORGINCON authorization object). I have created a PD profile with O-S-P evaluation path and RH_GET_MANAGER_ASSIGNMENT as function module.</P><P></P><P>In role, authorization object P_ORGINCON would be having following values (which gives read and write access to IT 0001 for Manager's org unit):</P><P></P><P>Authorization Level - R, M, W, E, D, S</P><P>Infotype - 0001 </P><P>Personnel Area - * </P><P>Employee Group - * </P><P>Employee Subgroup - * </P><P>Subtype - * </P><P>Organizational Key - * </P><P>Authorization Profile - PD_PROFILE_1</P><P></P><P>PD profile (PD_PROFILE_1) is restricted by RH_GET_MANAGER_ASSIGNMENT function module and so it gives list of personnel#s, a Manager is authorized for his org unit.</P><P></P><P>My questions:</P><P></P><P>1: For my requirement, what values should be in second authorization object, to have read only access for IT 0001 for all personnel#s? Do I have to use P_ORGINCON authorization object with Authorization Profile as '*'?</P><P></P><P>2: At the time of turning on HR switch (transaction OOAC, table T77S0) for INCON (HR: Master Data (Context)) to 1, do we have to turn off switch for ORGIN (HR: Master Data)?</P><P></P><P>3: If yes to question 2, do we have to update all transactions in SU24 to reflect P_ORGINCON for check/maintain instead of P_ORGIN? So, whenever we enter transaction code in a role thru PGCF, P_ORGINCON would be entered in authorization or it is not required.</P><P></P><P>Thanks,</P><P>Karan.</P></BODY></HTML> Thu, 25 Oct 2007 19:48:45 GMT https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026389#M715609 Former Member 2007-10-25T19:48:45Z https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026390#M715610 <HTML><HEAD></HEAD><BODY><P>Hi Karan,</P><P></P><P>1: For my requirement, what values should be in second authorization object, to have read only access for IT 0001 for all personnel#s? Do I have to use P_ORGINCON authorization object with Authorization Profile as '*'?</P><P></P><P>I think you can use it.</P><P></P><P>2: At the time of turning on HR switch (transaction OOAC, table T77S0) for INCON (HR: Master Data (Context)) to 1, do we have to turn off switch for ORGIN (HR: Master Data)?</P><P></P><P>Yes you need to turn off the switch for ORGIN</P><P></P><P>3: If yes to question 2, do we have to update all transactions in SU24 to reflect P_ORGINCON for check/maintain instead of P_ORGIN? So, whenever we enter transaction code in a role thru PGCF, P_ORGINCON would be entered in authorization or it is not required.</P><P></P><P>You dont need to update in SU24</P></BODY></HTML> Mon, 05 Nov 2007 16:21:28 GMT https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026390#M715610 Former Member 2007-11-05T16:21:28Z https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026391#M715611 <HTML><HEAD></HEAD><BODY><P>Karan,</P><P></P><P>You don't &lt;i&gt;have&lt;/i&gt; to update SU24 but in my opinion it would be useful to do this for completeness.</P></BODY></HTML> Mon, 05 Nov 2007 16:40:36 GMT https://community.sap.com/t5/application-development-and-automation-discussions/structural-authorization-with-context-solution/m-p/3026391#M715611 Former Member 2007-11-05T16:40:36Z