cancel
Showing results for 
Search instead for 
Did you mean: 

PA30/PA20 Generic Object Services Security

Chris_Schutz
Active Participant
0 Kudos

Hi ,

In PA30/PA20 , we have the authorization to display/change infotype by HR Personel Area , and that is working well . We want to Attach Document using the Generic Object Services functionality .

But even if I do not have access to the infotypes for a given HR# , I can display the Attachments in the Generic Object Services !!! How can we put some Security/Authorization on this functionality ?

Thank you .

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi,

hope this can help you

Authorization objects enable complex checks of an authorization, which allows a user to carry out an action. An authorization object can group up to 10 authorization fields that are checked in an AND relationship.

For an authorization check to be successful, all field values of the authorization object must be maintained accordingly. The fields in an object should not be seen as input fields on a screen. Instead, fields should be regarded as system elements, such as infotypes, which are to be protected.

You can define as many system access authorizations as you wish for an object by creating a number of allowed values for the fields in an object. These value sets are called authorizations. The system checks these authorizations in OR relationships

Structural Authorizations

Structural profiles are assigned in a different way to general authorization profiles. To assign structural profiles, you use table T77UA (User Authorizations = Assignment of Profile to User), not Role Maintenance (PFCG transaction) as with general authorization profiles. The authorization profiles are specified in the T77PR table (Definition of Authorization Profiles).

You can protect (sub) structures by making relevant entries in this table

A useru2019s Overall Profile is determined from the intersection of his or her structural and general

authorization profiles, when you use both structural and general authorizations.

The structural profile determines which object in the hierarchical structure the user has access to; the general profile which object data (infotype, subtype) and which type of authorization (Read, Write, ...) the user has for these objects. The access mode for authorization objects in HR Master Data is determined in the AUTHC field (Authorization Level).

Steps to do Structural Authorization:

Step1: TC OOAC (table T77S0)

Activate the Structural Authorization switch

Step 2: TC OOSP

Create Structural Authorization profiles

Step 3: Assign Structural Authorization profile to user Id

Transaction Code: SE38 and assign report RHRPROFL0 enter object id for example (Organization unit)

Assign regular Role authorization

Table - T77UA (User Authorizations = Assignment of Profile to

User), not Role Maintenance (PFCG transaction)

The Table T77Pr - authorization profiles are specified in the T77PR table.

You can protect (sub) structures by making relevant entries in this table.

Rupa Prasad

Former Member
0 Kudos

Rupa,

The information u gave is excellent !!! Thank you..