Introduction on Authorizations
· Authorization
objects enable complex checks of an authorization, which allows a user to carry
out an action. An authorization object can group up to 10 authorization
fields that are checked in an AND relationship.
· For
an authorization check to be successful, all field values of the authorization
object must be maintained accordingly. The fields in an object should not be
seen as input fields on a screen. Instead, fields should be regarded as system
elements, such as infotypes, which are to be protected.
Key Authorization object for HR
P_ORGIN – HR: Master Data
This authorization is used to restrict access to personnel
master data.
The authorization level field specifies the access mode.
The following authorization levels exist:
Authorization Field
|
Long Text
|
|||
INFTY
|
Infotype
|
|||
SUBTY
|
Subtype
|
|||
AUTHC
|
Authorization Level
|
|||
PERSA
|
Personnel Area
|
|||
PERSG
|
Employee Group
|
|||
PERSK
|
Employee Subgroup
|
|||
VDSK1
|
Organizational Key
|
·
R (Read) for read access
·
M
(Matchcode) for read access to
input helps (F4)
·
W
(Write) for write access
·
E
and D (Enqueue and Dequeue)
for write access using the Asymmetrical Double Verification Principle. E
allows the user to create and change locked data records and D allows the user
to change lock indicators.
·
S
(Symmetric) for write access using
the Symmetric Double Verification Principle
·
*
always includes all other authorization levels simultaneously
Problems can arise in some programs
when write authorizations exist but no read authorizations. To avoid this, you should always specify R
along with the authorization levels W, E, D,
and S.
This applies for authorizations
with PSIGN = I in the P_PERNR authorization object. In certain cases, it
is appropriate not to enter read authorizations for authorizations with PSIGN =
E. This is not an exception to the rule. PSIGN = E can be used to
deny authorizations, which is, of course, allowed. This can occur, for example,
if you have specified an authorization using P_ORGIN and authorization level *,
and then use P_PERNR to determine that the user should be authorized to display
his or her own data but not change the data. In this case, you would specify an
authorization for P_PERNR with AUTHC = W, E, D, S
and PSIGN =
E.
Nice Information...
ReplyDeleteThough its merely copy & paste from HR 940 but yes it nice information
ReplyDeleteIt was very nice article and useful to SAP learners. we also provide SAP SR course online training our Cubtraining is leader in providing Software Training
ReplyDeleteTekslate.com is the Industry leader in providing SAP HR Training across the globe. Our online training methodology focus on hands on experience of SAP HR.
ReplyDeleteTo Attend Free Demo (Or) For any Queries Write to us at:
Email: info@tekslate.com
USA :- +1 415-830-3823, India :- 91 954-262-2288
Website: http://tekslate.com/
URL: http://tekslate.com/sap-hr-training/
we are providing a customized online training for sap hr in usa,uk and all over the world. for more information visit the given link http://www.flaxit.com/sap-hr-abap-online-training/.
ReplyDeletegreat blog keep on writing more info about saphcm
ReplyDeleteSAP MM training in Chennai
ReplyDeleteWe provide SAP MM training in Chennai with real time scenarios. For real time SAP MM training in Chennai join creating experts and become professional in SAP MM module
SAP MM Training in chennai
Creating experts,A leading career development organization provides Real time training in SAP Success Factors,SAP MM, SAP SD, SAP ABAP, SAP BASIS,SAP BASIS, SAP FICO,with live examples by corporate Experts.
ReplyDeletewww.thecreatingexperts.com (Best SAP training institute in chennai with placement assistance)
SAP Success Factor,SAP MM Training in chennai Vadapalani ECR velachery Tambaram chromepet guindy and t.nagar. Call @ 8122241286
SAP Success factor training in chennai
Thank you. It is such a wonderful post. it has great information it is very useful for sap video tutorials.
ReplyDeleteThanks For a sharing informative information.
ReplyDeleteSap training institute in delhi
Thank you. It is such a wonderful post. it has great information it is very useful for sap hana server access.
ReplyDeleteIntelliMindz is a best IT Training in Chennai with placement, offering 200 and more software courses with 100% Placement Assistance.
ReplyDeleteSAP FICO Training In Chennai
SAP FICO Training In Chennai
SAP FICO Training In Bangalore
SAP ABAP Training In Chennai
SAP ABAP Training In Chennai
SAP ABAP Training In Bangalore
SAP HR Training In Chennai
SAP HR Training In Bangalore
SAP HR Training In Chennai