Structural authorization

Former Member — Thu, 07 Feb 2008 04:11:18 GMT

Dear all,

I am trying to use structural authorization to make sure that a person while making his substitute in the business workplace is allowed to see only his organizational unit and should not be able to view a person from any other organizational unit.

And if he is moved to some other department he should only be able to see people from his new department and not from his previous department.

I have followed each and every step of the document provided at

"http://sapbasis.msspro.com/securitydocs/structural_authorizations_step_by_step.doc".

I would summarize it as follows:

User Profile for structural authorization is created using T-code OOSP by specifying the following options in its maintenance section.

• Plan Version =1

• Object Type=’O’

• Evaluation Path=O-S-P

• Status Vector =12

• Period =D ‘valid records as per today's date’

• And FM= RH_GET_ORG_ASSIGNMENT

Using T-code po13 i.e. for ‘Maintain Position’ and using IT1017 assign the above created profile to a position.

Now when T-code SE38 will execute the report ‘RHPROFL0’ all the persons assigned to the above positions(i.e. positions for which PD profile has been created) will be assigned this profile keeping the options as

• Object type ‘O’

• Un-checking the Test Session Run option

• Options for Standard and PD Authorization are checked

This can be further verified using T-code oosb and clicking on the blue icon next to it .It shall display a list of Object id’s on which that person has the authorization of viewing.

Now when a person is moved to some other department or some other sub-department within a department after he has been assigned a PD profile he is unable to see his new Org Unit id’s but he still views his previous Org Unit ,positions and persons. But if he is not assigned a PD profile and he is moved to a different department and later if he is assigned a PD Profile he sees valid records as per his new relationship with Org Unit.

But in our business scenario the transfer of people within the sub-departments and across departments take place very often so we have to look for a solution which allows a person view only the correct department related info i.e. valid as per the new relation.

I am working on SAP 4.6C.

Any help will really be appreciated.

Regards,

Madiha Jadoon

Re: Structural authorization

Former Member — Thu, 07 Feb 2008 11:11:22 GMT

please tell me the following:

do you assign a special authorization profile to that specific user in OOSB?

after the user moved to her/his new department, did you adjust this profile in OOSB or simply let it be?

Re: Structural authorization

Former Member — Fri, 08 Feb 2008 03:59:57 GMT

The authorization profile is created using T-code 'oosp' and assigned using T-code po13 to a particular position.

Later the authorization profile is assigned to the person by running the report RHPROFL0 in SE38 which displays all the persons with a profile assigned to their position and automatically assigns all the persons of that position to that profile.

topic Re: Structural authorization in Application Development and Automation Discussions

Structural authorization

Re: Structural authorization

Re: Structural authorization