Explaining concepts for SAP HCM authorisations to
- make it more dynamic
- reduce the number or roles
- implement very bespoke requirements
using BAdIs, custom authorisation objects, dynamic structural authorisation and further tips
SAP HCM Structural Authorization Overview PresentationKenBowers
Structural authorization permits access to personnel data based on a user's position in the organizational structure. It is configured by creating an organizational structure, personnel records, evaluation paths, structural authorization profiles, and linking profiles to user IDs. A profile defines the objects and attributes a user can access based on their assigned root organizational unit. This can be determined dynamically using function modules or manually. The configuration is tested to restrict user access according to the organizational structure.
The document provides an overview of the Personnel Administration module in SAP. It describes how the module is used to perform key personnel tasks such as hiring, termination, salary adjustment, and organizational reassignment by establishing organizational hierarchies. It also explains important concepts like infotypes, subtypes, and standard transactions and reports used for personnel administration.
The document describes different types of procurement and special procurement types for materials in procurement "E". It provides an example process for a bill of materials containing a material with special procurement type 52. The process involves: 1) Creating a production order to generate requirements for the material; 2) Running MRP only for that material to create a "fake" production order; 3) Running full MRP to generate planned orders and purchase requests for all materials.
Prepare for your interview with these top 20 SAP HR AND HCM interview questions. For more IT Profiles, Sample Resumes, Practice exams, Interview Questions, Live Training and more…visit ITLearnMore – Most Trusted Website for all Learning Needs by Students, Graduates and Working Professionals.
Looking to add weight to your resume? Check out for ITLearnmore for varied online IT courses at affordable prices intended for career boost. There is so much in store for both fresh graduates and professionals here. Hurry up..! Get updated with the current IT job market requirements and related courses.For more information visit http://www.ITLearnMore.com.
This document discusses organizational management in SAP, including:
[1] Maintaining organizational structures through objects, relationships, and evaluation paths.
[2] Using the organizational and staffing mode interface to search, select, display, and modify organizational objects and structures.
[3] Other topics covered include plan versions, object statuses, number ranges, and interfaces for creating organizational structures.
HR ABAP Technical Overview | http://sapdocs.info/sapdocs. info
You can get this HR ABAP Material from http://sapdocs.info/sap/hr-abap/download-hr-abap-ppt-tutorial-material-technical-overview/
get more SAP Materials from http://sapdocs.info
SAP HCM Structural Authorization Overview PresentationKenBowers
Structural authorization permits access to personnel data based on a user's position in the organizational structure. It is configured by creating an organizational structure, personnel records, evaluation paths, structural authorization profiles, and linking profiles to user IDs. A profile defines the objects and attributes a user can access based on their assigned root organizational unit. This can be determined dynamically using function modules or manually. The configuration is tested to restrict user access according to the organizational structure.
The document provides an overview of the Personnel Administration module in SAP. It describes how the module is used to perform key personnel tasks such as hiring, termination, salary adjustment, and organizational reassignment by establishing organizational hierarchies. It also explains important concepts like infotypes, subtypes, and standard transactions and reports used for personnel administration.
The document describes different types of procurement and special procurement types for materials in procurement "E". It provides an example process for a bill of materials containing a material with special procurement type 52. The process involves: 1) Creating a production order to generate requirements for the material; 2) Running MRP only for that material to create a "fake" production order; 3) Running full MRP to generate planned orders and purchase requests for all materials.
Prepare for your interview with these top 20 SAP HR AND HCM interview questions. For more IT Profiles, Sample Resumes, Practice exams, Interview Questions, Live Training and more…visit ITLearnMore – Most Trusted Website for all Learning Needs by Students, Graduates and Working Professionals.
Looking to add weight to your resume? Check out for ITLearnmore for varied online IT courses at affordable prices intended for career boost. There is so much in store for both fresh graduates and professionals here. Hurry up..! Get updated with the current IT job market requirements and related courses.For more information visit http://www.ITLearnMore.com.
This document discusses organizational management in SAP, including:
[1] Maintaining organizational structures through objects, relationships, and evaluation paths.
[2] Using the organizational and staffing mode interface to search, select, display, and modify organizational objects and structures.
[3] Other topics covered include plan versions, object statuses, number ranges, and interfaces for creating organizational structures.
HR ABAP Technical Overview | http://sapdocs.info/sapdocs. info
You can get this HR ABAP Material from http://sapdocs.info/sap/hr-abap/download-hr-abap-ppt-tutorial-material-technical-overview/
get more SAP Materials from http://sapdocs.info
The document discusses SAP HR modules and ABAP HR. It provides an overview of HR-ABAP and the differences between ABAP and ABAP HR. Key aspects covered include info types, their structure and common info types. It describes the three time constraints and provides examples. Personnel Administration is discussed as the central repository for employee data that integrates with other HR modules. Steps for creating a custom info type and enhancements are also summarized.
This document provides an overview of SAP Human Resources personnel administration. It discusses the enterprise structure including clients, company codes, personnel areas, and subareas. It also covers personnel structures such as employee groups, subgroups, and payroll areas. Finally, it summarizes infotypes which are logical groupings of employee data fields, and dynamic actions which allow automatic processing in SAP.
The document discusses programming in HR-ABAP and covers topics like prerequisites for ABAP HR programming, training on modules in SAP-HR like infotypes and how to create and enhance infotypes. It also discusses concepts like macros, use of PROVIDE statement, and creating a customer defined PA letters infotype for storing letters generated for employees.
This document provides an overview of SAP HR configuration. It discusses creating personnel areas, subareas, and payroll areas. It covers maintaining infotypes, forms of address, education types, and other reference data. Number assignment and object types are configured. Integration is set up between personnel administration, organizational management, and other modules. Master and transactional data impacts of the configurations are noted. The document aims to guide the reader through many of the key HR configuration steps at a high level.
This document discusses how to identify authorization checks for custom transactions in SAP systems in order to include critical custom transactions in the rule set for authorization auditing. It provides instructions for searching the transaction table (TSTC) to find custom transactions, checking transaction programs for AUTHORITY CHECK statements using transaction SE93 or report RSABAPSC, and identifying table authorization groups for parameter transactions by analyzing transaction views. The goal is to fine tune the GRC filter set to include checks for relevant custom transactions.
Authorisation Concept In SAP | http://sapdocs.infosapdocs. info
The document discusses authorization concepts in SAP systems. It explains that authorizations for users are created using roles and profiles, which are defined by the administrator. Roles contain authorizations that allow users to access transactions, reports, and applications. There are two ways to create new roles - copying an existing role or creating a new role based on business requirements. The process of creating a new role involves assigning transactions and programs to the role menu, defining authorizations, and generating an authorization profile.
This document describes how to use inspection rounds and operation account assignment functionality in SAP PM. It provides instructions for defining an inspection round using a general task list, planning the inspection round by creating a maintenance plan and assigning the task list, and executing the inspection round by further planning any generated maintenance orders and recording time and costs at the operation level linked to different equipment references. Background prerequisites and configurations are also outlined.
The document provides a guide to creating and using authorization objects in SAP systems in the simplest way. It explains how to create an authorization field, authorization class and object. It then demonstrates how to create a role, profile and authorization to control user permissions. The guide codes an authorization check in ABAP and provides steps to test the authorization configuration.
The document provides instructions for setting up key HRMS configurations in Oracle R12 including:
1. Creating responsibilities for HRMS managers and users
2. Defining flexfield structures for job, position, grade, people group, cost allocation, and competence
3. Creating a business group, locations, organizations, and hierarchies
4. Setting up jobs, positions, grades, and entering employee details
5. Guidance on creating vacancies, recruitment activities, and tracking applicant progress
CATS (Cross Application Time Sheet) is a tool in SAP for recording employee time across different business areas like HR, Project Systems, and Controlling. It allows for a single entry of time data that can then be distributed to various SAP modules. CATS provides benefits like integrated time collection, approval workflows, default values, and interfaces for various user types. Time entered in CATS can be transferred to HR for payroll, Project Systems for project costing, and Controlling for internal order costing. The integration enables accurate time tracking and cost allocation across key SAP applications.
HR ABAP uses logical databases, infotypes, and macros to store and retrieve time-dependent employee data. Logical databases provide standardized selection screens and automatic authorization checks when accessing infotype records. Compared to general ABAP, HR ABAP makes greater use of logical databases, covers additional HR concepts like infotypes and time-dependent data, and uses macros and functions modules specific to HR processes. Key differences include the storage of employee data in infotypes, retrieval of records using logical databases and macros, and authorization checks for valid employee and infotype access.
The document discusses SAP Business Workflow, including:
- It allows for automation of business processes across SAP applications.
- Workflows consist of sequential steps that can be performed by people or automatically by the system.
- Key components include workflow definitions, instances, tasks, work items, agents, containers, bindings, and business objects.
The document provides an overview and agenda for Oracle iRecruitment. It discusses features for site visitors, registered users, managers, recruiters, and agencies. Key functions covered include creating and managing vacancies, searching and processing candidates, working with applicants, making offers, and hiring applicants. The goal of iRecruitment is to streamline the recruitment process from sourcing candidates to hiring.
Forms and OA Framework personalization tools allow declarative customization of applications without coding. Examples shown include: displaying messages to users; restricting data access; adding menu items; masking data; changing lists of values; removing buttons; changing prompts; and hiding or reordering columns. Personalizations can improve processes, security, and usability while reducing costs associated with training, errors, and upgrades.
SAP HR is a human resources management system that consists of several modules for organizing management, personnel administration, recruitment, benefits, compensation, training, personnel development, time management, and payroll accounting. The modules allow organizations to hire and terminate employees, manage organizational structures and reassignments, administer benefits packages, conduct performance reviews and training, track employee time and attendance, and process payroll. Key functions include applicant tracking, open enrollment, reporting tax documents, and integrating HR data with other SAP applications.
Arghadip Kar provides a tutorial on developing a purchase order workflow in SAP. The tutorial covers: 1) understanding SAP workflow and its components like business objects, events, methods, and workflow templates; 2) using transaction codes to develop a purchase order approval workflow; and 3) testing the workflow template from a purchase order transaction. The goal is to build a real-life workflow that requires approval for purchase orders over $25,000 and provides automated notifications.
Sap hcm online and remote based training in usa,uk,indiamagnifics
www.Magnifictraining.com-sap hcm ONLINE TRAINING. contact us: info@magnifictraining.com
or call us: +919052666559,919052666558 sap technologies like sap hcm,sap ewm,sap hcm,sap hcm ,sap basis,
sap hcm ,sap bi/bw, sap is banking,sap srm,
sap gts online training by industrail hands on training on sap hcm online TRAINING.
SAP HCM Online Training Course Contents :
Introduction to SAP
Introduction to ERP
Overview of SAP
SAP-HCM Module at a glance
Organizational Management
Organizational Structure (Simple Maintenance & Expert Mode)
Objects, Additional Object Types ,Task Description/Department/Staff
Plan Versions ,Org Management Infotypes
Account assignment features, Structure Maintenance
Configure Positions, Jobs, Cost Center Assignment, Reporting Relationships
Personnel Administration
Enterprise Structure & Personnel Structure
Personnel Area, Personnel Sub Area, Employee Group, Employee Sub Group
Assignment of ES & PS
Personnel Action , Hiring , Employee Master Data
PA Infotypes Maintenance , Dynamic Actions
Recruitment
Recruitment Medium & Instruments, Applicant Master Data
Applicant Actions, Applicant Activity
Transfer Applicant Data to Employee Master Data
Report Generation, Recruitment Infotype Maintenance
Time Management
Sap hcm online and remote based training in usa,uk,indiamagnificsha
www.Magnifictraining.com-sap hcm ONLINE TRAINING. contact us: info@magnifictraining.com
or call us: +919052666559,919052666558 sap technologies like sap hcm,sap ewm,sap hcm,sap hcm ,sap basis,
sap hcm ,sap bi/bw, sap is banking,sap srm,
sap gts online training by industrail hands on training on sap hcm online TRAINING.
SAP HCM Online Training Course Contents :
Introduction to SAP
Introduction to ERP
Overview of SAP
SAP-HCM Module at a glance
Organizational Management
Organizational Structure (Simple Maintenance & Expert Mode)
Objects, Additional Object Types ,Task Description/Department/Staff
Plan Versions ,Org Management Infotypes
Account assignment features, Structure Maintenance
Configure Positions, Jobs, Cost Center Assignment, Reporting Relationships
Personnel Administration
Enterprise Structure & Personnel Structure
Personnel Area, Personnel Sub Area, Employee Group, Employee Sub Group
Assignment of ES & PS
Personnel Action , Hiring , Employee Master Data
PA Infotypes Maintenance , Dynamic Actions
Recruitment
Recruitment Medium & Instruments, Applicant Master Data
Applicant Actions, Applicant Activity
Transfer Applicant Data to Employee Master Data
Report Generation, Recruitment Infotype Maintenance
Time Management
The document discusses SAP HR modules and ABAP HR. It provides an overview of HR-ABAP and the differences between ABAP and ABAP HR. Key aspects covered include info types, their structure and common info types. It describes the three time constraints and provides examples. Personnel Administration is discussed as the central repository for employee data that integrates with other HR modules. Steps for creating a custom info type and enhancements are also summarized.
This document provides an overview of SAP Human Resources personnel administration. It discusses the enterprise structure including clients, company codes, personnel areas, and subareas. It also covers personnel structures such as employee groups, subgroups, and payroll areas. Finally, it summarizes infotypes which are logical groupings of employee data fields, and dynamic actions which allow automatic processing in SAP.
The document discusses programming in HR-ABAP and covers topics like prerequisites for ABAP HR programming, training on modules in SAP-HR like infotypes and how to create and enhance infotypes. It also discusses concepts like macros, use of PROVIDE statement, and creating a customer defined PA letters infotype for storing letters generated for employees.
This document provides an overview of SAP HR configuration. It discusses creating personnel areas, subareas, and payroll areas. It covers maintaining infotypes, forms of address, education types, and other reference data. Number assignment and object types are configured. Integration is set up between personnel administration, organizational management, and other modules. Master and transactional data impacts of the configurations are noted. The document aims to guide the reader through many of the key HR configuration steps at a high level.
This document discusses how to identify authorization checks for custom transactions in SAP systems in order to include critical custom transactions in the rule set for authorization auditing. It provides instructions for searching the transaction table (TSTC) to find custom transactions, checking transaction programs for AUTHORITY CHECK statements using transaction SE93 or report RSABAPSC, and identifying table authorization groups for parameter transactions by analyzing transaction views. The goal is to fine tune the GRC filter set to include checks for relevant custom transactions.
Authorisation Concept In SAP | http://sapdocs.infosapdocs. info
The document discusses authorization concepts in SAP systems. It explains that authorizations for users are created using roles and profiles, which are defined by the administrator. Roles contain authorizations that allow users to access transactions, reports, and applications. There are two ways to create new roles - copying an existing role or creating a new role based on business requirements. The process of creating a new role involves assigning transactions and programs to the role menu, defining authorizations, and generating an authorization profile.
This document describes how to use inspection rounds and operation account assignment functionality in SAP PM. It provides instructions for defining an inspection round using a general task list, planning the inspection round by creating a maintenance plan and assigning the task list, and executing the inspection round by further planning any generated maintenance orders and recording time and costs at the operation level linked to different equipment references. Background prerequisites and configurations are also outlined.
The document provides a guide to creating and using authorization objects in SAP systems in the simplest way. It explains how to create an authorization field, authorization class and object. It then demonstrates how to create a role, profile and authorization to control user permissions. The guide codes an authorization check in ABAP and provides steps to test the authorization configuration.
The document provides instructions for setting up key HRMS configurations in Oracle R12 including:
1. Creating responsibilities for HRMS managers and users
2. Defining flexfield structures for job, position, grade, people group, cost allocation, and competence
3. Creating a business group, locations, organizations, and hierarchies
4. Setting up jobs, positions, grades, and entering employee details
5. Guidance on creating vacancies, recruitment activities, and tracking applicant progress
CATS (Cross Application Time Sheet) is a tool in SAP for recording employee time across different business areas like HR, Project Systems, and Controlling. It allows for a single entry of time data that can then be distributed to various SAP modules. CATS provides benefits like integrated time collection, approval workflows, default values, and interfaces for various user types. Time entered in CATS can be transferred to HR for payroll, Project Systems for project costing, and Controlling for internal order costing. The integration enables accurate time tracking and cost allocation across key SAP applications.
HR ABAP uses logical databases, infotypes, and macros to store and retrieve time-dependent employee data. Logical databases provide standardized selection screens and automatic authorization checks when accessing infotype records. Compared to general ABAP, HR ABAP makes greater use of logical databases, covers additional HR concepts like infotypes and time-dependent data, and uses macros and functions modules specific to HR processes. Key differences include the storage of employee data in infotypes, retrieval of records using logical databases and macros, and authorization checks for valid employee and infotype access.
The document discusses SAP Business Workflow, including:
- It allows for automation of business processes across SAP applications.
- Workflows consist of sequential steps that can be performed by people or automatically by the system.
- Key components include workflow definitions, instances, tasks, work items, agents, containers, bindings, and business objects.
The document provides an overview and agenda for Oracle iRecruitment. It discusses features for site visitors, registered users, managers, recruiters, and agencies. Key functions covered include creating and managing vacancies, searching and processing candidates, working with applicants, making offers, and hiring applicants. The goal of iRecruitment is to streamline the recruitment process from sourcing candidates to hiring.
Forms and OA Framework personalization tools allow declarative customization of applications without coding. Examples shown include: displaying messages to users; restricting data access; adding menu items; masking data; changing lists of values; removing buttons; changing prompts; and hiding or reordering columns. Personalizations can improve processes, security, and usability while reducing costs associated with training, errors, and upgrades.
SAP HR is a human resources management system that consists of several modules for organizing management, personnel administration, recruitment, benefits, compensation, training, personnel development, time management, and payroll accounting. The modules allow organizations to hire and terminate employees, manage organizational structures and reassignments, administer benefits packages, conduct performance reviews and training, track employee time and attendance, and process payroll. Key functions include applicant tracking, open enrollment, reporting tax documents, and integrating HR data with other SAP applications.
Arghadip Kar provides a tutorial on developing a purchase order workflow in SAP. The tutorial covers: 1) understanding SAP workflow and its components like business objects, events, methods, and workflow templates; 2) using transaction codes to develop a purchase order approval workflow; and 3) testing the workflow template from a purchase order transaction. The goal is to build a real-life workflow that requires approval for purchase orders over $25,000 and provides automated notifications.
Sap hcm online and remote based training in usa,uk,indiamagnifics
www.Magnifictraining.com-sap hcm ONLINE TRAINING. contact us: info@magnifictraining.com
or call us: +919052666559,919052666558 sap technologies like sap hcm,sap ewm,sap hcm,sap hcm ,sap basis,
sap hcm ,sap bi/bw, sap is banking,sap srm,
sap gts online training by industrail hands on training on sap hcm online TRAINING.
SAP HCM Online Training Course Contents :
Introduction to SAP
Introduction to ERP
Overview of SAP
SAP-HCM Module at a glance
Organizational Management
Organizational Structure (Simple Maintenance & Expert Mode)
Objects, Additional Object Types ,Task Description/Department/Staff
Plan Versions ,Org Management Infotypes
Account assignment features, Structure Maintenance
Configure Positions, Jobs, Cost Center Assignment, Reporting Relationships
Personnel Administration
Enterprise Structure & Personnel Structure
Personnel Area, Personnel Sub Area, Employee Group, Employee Sub Group
Assignment of ES & PS
Personnel Action , Hiring , Employee Master Data
PA Infotypes Maintenance , Dynamic Actions
Recruitment
Recruitment Medium & Instruments, Applicant Master Data
Applicant Actions, Applicant Activity
Transfer Applicant Data to Employee Master Data
Report Generation, Recruitment Infotype Maintenance
Time Management
Sap hcm online and remote based training in usa,uk,indiamagnificsha
www.Magnifictraining.com-sap hcm ONLINE TRAINING. contact us: info@magnifictraining.com
or call us: +919052666559,919052666558 sap technologies like sap hcm,sap ewm,sap hcm,sap hcm ,sap basis,
sap hcm ,sap bi/bw, sap is banking,sap srm,
sap gts online training by industrail hands on training on sap hcm online TRAINING.
SAP HCM Online Training Course Contents :
Introduction to SAP
Introduction to ERP
Overview of SAP
SAP-HCM Module at a glance
Organizational Management
Organizational Structure (Simple Maintenance & Expert Mode)
Objects, Additional Object Types ,Task Description/Department/Staff
Plan Versions ,Org Management Infotypes
Account assignment features, Structure Maintenance
Configure Positions, Jobs, Cost Center Assignment, Reporting Relationships
Personnel Administration
Enterprise Structure & Personnel Structure
Personnel Area, Personnel Sub Area, Employee Group, Employee Sub Group
Assignment of ES & PS
Personnel Action , Hiring , Employee Master Data
PA Infotypes Maintenance , Dynamic Actions
Recruitment
Recruitment Medium & Instruments, Applicant Master Data
Applicant Actions, Applicant Activity
Transfer Applicant Data to Employee Master Data
Report Generation, Recruitment Infotype Maintenance
Time Management
Sap hcm online and remote based training in usa,uk,indiamagnificsairam
www.Magnifictraining.com-sap hcm ONLINE TRAINING. contact us: info@magnifictraining.com
or call us: +919052666559,919052666558 sap technologies like sap hcm,sap ewm,sap hcm,sap hcm ,sap basis,
sap hcm ,sap bi/bw, sap is banking,sap srm,
sap gts online training by industrail hands on training on sap hcm online TRAINING.
SAP HCM Online Training Course Contents :
Introduction to SAP
Introduction to ERP
Overview of SAP
SAP-HCM Module at a glance
Organizational Management
Organizational Structure (Simple Maintenance & Expert Mode)
Objects, Additional Object Types ,Task Description/Department/Staff
Plan Versions ,Org Management Infotypes
Account assignment features, Structure Maintenance
Configure Positions, Jobs, Cost Center Assignment, Reporting Relationships
Personnel Administration
Enterprise Structure & Personnel Structure
Personnel Area, Personnel Sub Area, Employee Group, Employee Sub Group
Assignment of ES & PS
Personnel Action , Hiring , Employee Master Data
PA Infotypes Maintenance , Dynamic Actions
Recruitment
Recruitment Medium & Instruments, Applicant Master Data
Applicant Actions, Applicant Activity
Transfer Applicant Data to Employee Master Data
Report Generation, Recruitment Infotype Maintenance
Time Management
Sap hcm online and remote based training in usa,uk,indiamagnificsmily
www.Magnifictraining.com-sap hcm ONLINE TRAINING. contact us: info@magnifictraining.com
or call us: +919052666559,919052666558 sap technologies like sap hcm,sap ewm,sap hcm,sap hcm ,sap basis,
sap hcm ,sap bi/bw, sap is banking,sap srm,
sap gts online training by industrail hands on training on sap hcm online TRAINING.
SAP HCM Online Training Course Contents :
Introduction to SAP
Introduction to ERP
Overview of SAP
SAP-HCM Module at a glance
Organizational Management
Organizational Structure (Simple Maintenance & Expert Mode)
Objects, Additional Object Types ,Task Description/Department/Staff
Plan Versions ,Org Management Infotypes
Account assignment features, Structure Maintenance
Configure Positions, Jobs, Cost Center Assignment, Reporting Relationships
Personnel Administration
Enterprise Structure & Personnel Structure
Personnel Area, Personnel Sub Area, Employee Group, Employee Sub Group
Assignment of ES & PS
Personnel Action , Hiring , Employee Master Data
PA Infotypes Maintenance , Dynamic Actions
Recruitment
Recruitment Medium & Instruments, Applicant Master Data
Applicant Actions, Applicant Activity
Transfer Applicant Data to Employee Master Data
Report Generation, Recruitment Infotype Maintenance
Time Management
Sap hcm online and remote based training in usa,uk,indiamagnificsmile
This document discusses SAP HCM online and remote training provided by Magnific Training. It focuses on reducing the number of roles in SAP HCM through techniques like dynamic start objects, using custom objects and BAdIs, and implementing reference roles. The document provides examples and tips on how to design dynamic profiles based on organizational units and create context-dependent authorizations. It also discusses how to leverage functions like RH_GET_ORG_ASSIGNMENT and coding in P_NNNNN to dynamically determine access based on attributes like cost center.
www.magnifictraining.com - "sap HCM(Human capital management)" Online Training contact us:info@magnifictraining.com or+1-6786933994,+1-6786933475, +919052666559,+919052666558 By Real Time Experts from Hyderabad, Bangalore,India,USA,Canada,UK, Australia,South Africa.
SPI_Conference_Handling Breakups to Save Future Headaches_FinalCurtis Weldon
This document discusses best practices for offboarding employees. It defines offboarding as a process for processing employee terminations and deprovisioning access. The presentation covers different types of employee terminations, areas to deprovision like physical equipment and system access, key stakeholders and their roles, how to create an offboarding process, measuring success, and provides a seven point wrap-up. The goal is to help organizations understand offboarding and implement best practices to efficiently and securely terminate employee access.
SAP HCM - Organization Management end user presentationsteve4sap
This document provides an overview of key concepts in SAP's Organizational Management module, including organizational plans, object types, organizational units, jobs, positions, and infotypes. It describes how these different elements are used to define an organizational structure and maintain related employee data in SAP HCM. Transactions and reports for viewing, maintaining, and reporting on organizational data are also listed.
SPI_Conference_Handling Breakups to Save Future Headaches_FinalCurtis Weldon
This document discusses best practices for offboarding employees. It covers the key aspects of an offboarding process, including different types of employee terminations and what is required for each. Areas of de-provisioning like disabling system access and collecting equipment are discussed. The roles and responsibilities of different business owners in the offboarding process are outlined. Creating an offboarding process is demonstrated, including integration with other systems. Finally, ways to measure the success of an offboarding process, like improved efficiency in de-provisioning access, are presented.
A Business Analyst (BA) analyzes organizations and systems to improve business processes and integration with technology. There are four tiers of business analysis from strategic planning to technical analysis. BAs document requirements, assess current processes, define new processes, and ensure technical systems meet business needs. Deliverables include requirements, specifications, models, and documentation to bridge business and technical stakeholders.
The document outlines an approach to requirement assessment that includes gathering inputs from business needs, organizational processes, and expert judgment. It involves conducting a requirement workshop, brainstorming sessions, and document analysis to develop outputs like user stories, functional requirements, and non-functional requirements. The approach aims to clearly define what is needed from a potential solution by engaging stakeholders and analyzing existing materials.
Identity & Access Governance versus Process AgilityHorst Walther
How Governance tasks can be safely performed in a highly volatile business environment too.
Presented on the „IT-Security for Social, Mobile & Cloud, 2015 “, 2015-09-24, 09:30
Segregation of Duties and Sensitive Access as a Service
Description
This webinar highlighted the key risks in your PeopleSoft Applications, including PII, Sensitive Data, and Segregation of Duty Risks. We took a look at the key Application controls, from Components/Pages to User Preferences and Workflow Approval. If you are approaching Audit season, we also covered our unique Access Review as a Service, with no software to deploy in exchange for powerful and insightful reports as to the effectiveness of your current controls.
Finally, we took a look at PII's use in your Applications and the process of governing this access in light of legislation such as GDPR and CCPA.
The document provides an overview of the evolution of HRIS (Human Resource Information Systems) from the early 20th century to present day. It discusses how HRIS evolved from basic record keeping on mainframe computers to modern cloud-based systems that provide functionality for recruitment, benefits management, payroll, and more. The document also outlines some common reasons for HR technology failures such as not properly defining business requirements and lack of change management. Finally, it lists several key requirements for successful HR technology implementation including clear goals, effective processes, the right technology solution, and change management.
As usual, you will not find any reference numbers in that document. However, if you need this kind of information, just follow the embedded links. In addition to that, I inserted a new section called “Useful Knowledge Base Articles”.
Please keep in mind, that this compilation is not intended to be complete, but rather a snippet of features which customers often request or are in general big changes.
Cascade Human Resources Ltd plays host to Denis Bernard from HR Comparison as he guides us through the fundamentals of choosing the right HR System for your organisation.
After which, HR product specialist Marc Greggains will give you a brief overview of the sponsor Cascade HR and Ric Mellor, Cascade Product Services Manager, will guide you through the essentials you need to know for preparing and implementing your HR system project.
Who Does What, When, and How for a Divestiture?eprentise
Businesses that are going through a divestiture need to consider several key questions: What are we selling, and why? What data belongs to me, and how do I find it? As my business changes by the rules, how do I achieve agility? What are my options for divesting? This webinar will address potential business and IT issues affecting organizations that go through the divestiture process. The presentation will touch on key insights and outline approaches that can be used by both business and IT organizations to ensure success.
In this Business Analysis training session, you will learn about Enterprise Analysis. Topics covered in this session are:
• Enterprise analysis
• SWOT Analysis
• Feasibility Evaluation
• Problem Statement & Goal Statement
• Business Case
• Project Scope Statement & Vision Document
• AS IS (current state) and TO BE (future state)
• Root Cause Analysis – Fish Bone Diagram
For more information, click here: https://www.mindsmapped.com/courses/business-analysis/business-analysis-training-for-beginners-as-per-babok-v3/
LeanIX Virtual Workspaces make it possible for enterprises to operate across a shared IT inventory while setting specific access rights to protect confidential data or reducing the complexity of a workspace for certain business units.
Check out our overview where we cover best practices, tips and tricks for Virtual Workspaces use cases.
Software System Engineering - Chapter 13Fadhil Ismail
This document discusses different techniques for specifying software operations, including contracts, pre-and post-conditions, decision tables, structured English, activity diagrams, and the Object Constraint Language (OCL). Contract-based specifications focus on inputs and outputs without detailing implementation. Non-algorithmic techniques like decision tables and pre-post conditions specify what an operation should achieve without how. Algorithmic methods like structured English and activity diagrams describe the logic and flow. OCL uses context, properties, and operations to write constraints for modeling elements. The document provides examples and explanations of how to apply these various specification approaches.
Similar to Optimising SAP HR Authorisation by using custom development incl. BAdIs (20)
Liebe Personalabteilung, Was ist Euer Beitrag zur Digitalen Transformation?Sven Ringling
Diese Präsentation, angelehnt an meinen Vortrag auf der "Mastering HR" Konferrenz in Johannesburg, stellt die 5 Säulen der digitalen Transformation vor und beleuchtet wie die HR Funktion und moderne HR Software wie SAP SuccessFactors diese Transformation unternehmensweit unterstützen können
Concur vs SAP on premise Travel ManagementSven Ringling
How does Concur, SAP's cloud solution for Travel and Expense, compare to the traditional SAP on-premise Travelmanagement? Comparing Apples with Pears giving current SAP customers an indication of the change to be expected in a Concur transformation project
SAP HR new Feature: Personnel (Sub)Areas and Employee (Sub)Groups Come with V...Sven Ringling
Find out how to add validity periods to SAP HR structure objects. A great feature most notably for companies having used a global SAP HR system for several years, as they will have accumulated quite a few obsolete objects by now
SAP HCM authorisations: streamline processes and improve HR data securitySven Ringling
This document provides an overview of authorizations in SAP HCM and recommendations for improving authorization design. It discusses using dynamic start objects and structural profiles to reduce the number of roles and improve performance. Common pitfalls like combining authorizations from different roles or improperly using objects like P_PERNR are outlined. The presentation also provides tips for redesigning authorizations through approaches like composite roles, assigning roles via organizational management, and leveraging BAdI extensions. Overall it aims to help optimize and streamline authorization structures.
Managing cost and realising benefits from your SAP HCM or other HR systemSven Ringling
Conference presentation: clear process to clean up the investment portfolio from any HRIS (HR information system) using SAP HCM as an example. How to reduce cost and maximise benefits from IT in HR.
Managing Change in International SAP HCM ProjectsSven Ringling
The document outlines different approaches to global rollouts of changes to SAP HCM systems. It discusses the "conqueror's approach" which tries to force changes but often provokes resistance. The "missionary's approach" assumes the changes are blessings but can also provoke resistance by not involving local teams. A cooperative model is recommended that provides clear guidance but also involves local knowledge and management to gain support and ensure changes fit each country's needs. Both central teams and local teams must be open to learning and changing as part of successful global rollouts.
Right Sourcing: The Role of HR in Creating Shareholder ValueSven Ringling
A brief overview of the 6 elements of right-sourcing readiness (considering not only cost, but culture, business strategy, etc.), how they link to shareholder value and what HR can do to make an organisation right-sourcing ready.
Includes case studies.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
2. 1
In This Session
• We’ll walk through the most important standard concepts of HR
authorisations
To demonstrate what they can and can’t do and, thus leading to
improvement opportunities through custom development
We will not discuss each and every detail of standard concepts
• We’ll discuss when to use custom development and when you
should aim for other alternatives
• We’ll introduce the most important concepts for custom
development in HR authorisations
BAdIs, custom authorisation objects, and dynamic start objects
for structural authorisation
And demonstrate business cases for each of them
3. 2
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
4. 3
A Quick Run Through Primary School
• Are a set of fields to describe user rights for certain data or
activities
• SAP standard coding checks these objects to control user rights
Authorisation Objects
• Are objects “filled in” to describe the rights of a certain user or
group
Authorisations
• Are sets of authorisations to represent a task or group of tasks
• Are assigned to users directly or through composite roles
Roles
5. 4
Standard Options for HR Authorisations
• Personnel master data and time data infotypes
• Infoytpes of HR planning and development
Basic HR
authorisations
• Controlling access along organisational structure
• Other structures of personnel planning and development, such
as the training catalogue
• For personnel planning and development and also for
personnel master data, if activated
Structural
authorisations
• Linking the two concepts above, so structural authorisations
can be used in a more differentiated way
Context-
sensitive
authorisations
6. 5
Further Authorisations Relevant to HR
• More authorisation objects can be relevant, but are not analysed
in this session
Non-HR authorisations
Authorisation objects for specific HR processes
Authorisation objects for specific countries
7. 6
Enhancement Options
• For structural authorisations, function modules can be used to
decide at which point in the structure to start
Dynamic start object
• For HR, a custom object is available that can be generated or
filled with bespoke coding
Custom authorisation object
• Available for basic objects, as well as for structural and context-
sensitive authorisations
BAdIs
8. 7
Before You Start with Custom Programming …
Make sure you understand what’s
available in SAP standard
Ask “Why do we need this” and
consider process changes
9. 8
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
10. 9
The Mother of All HR Authorisation Objects
• Authorisation Object P_ORGIN
Most widely used object to control access to employee data
Note: Cost Centre or Personnel Subarea not available
What can
you do?
For which set of
data?
For which employees?
11. 10
Using Organisational Key as a Wildcard
• Before building a custom authorisation object, if you are missing
a field in P_ORGIN, make full use of the organisational key!
SAP leaves this field free to use for whatever purpose a
customer wants to use it for
You can configure this field to be:
Free to change (from a drop-down list or free text)
Free to change with a default value
Default value not changeable
• Default values can be:
Built from other fields in Infotype 0001
E.g., cost centre or personnel subarea
Set in Master Data BAdI HRPAD00_INFTY
12. 11
Access Per Administrator: P_ORGXX
• Object P_ORGXX answers the question “which employees” are
using the administrator fields from Infotype 0001
Convenient solution if you use these fields
However, consider substitution issues!
If you don’t use these fields in your process, you could use
them as extra wild cards via BAdI HRPAD00_INFTY
For which employees?
13. 12
Access to Your Own Data: P_PERNR
• Object P_PERNR controls how users can access their own data
• Field “interpretation of assigned personnel number” is confusing
for some administrators:
I: user gets extra right for her own data beyond P_ORGIN/
P_ORGXX (usually for ESS)
E: access to user’s own data is restricted (e.g., HR staff not
allowed to change their own salary)
Think of this being two separate authorisation objects
Assigned via infotype
0105, subtype 0001
14. 13
Which of the Three Objects Are Used for
Master Data?
• Entries in T77S0 (see above) decide which objects are active
• All active objects are checked sequentially
E.g., if a user does have access to a certain record through
P_ORGIN, but not through P_ORGXX (both being active), then
access is rejected
P_PERNR can then add rights for the user’s own data or take
them away
It can never affect access to data other than the user’s own
records
15. 14
Considerations for Basic Authorisation Objects
• Infotype and subtype are not always the right level – e.g., NI
number in IT0002 is critical
• Sometimes controls based on amounts (e.g., one off payments) are
required
No field-level controls
• Dealt with by context-sensitive authorisation
No link to organisational structure
• It is often required for certain infotypes to be accessible in one
transaction or report, but not another
No link to transaction or other context data
16. 15
How Object P_ABAP Can Help in Reporting
P_ABAP deactivates
HR authorisation check (COARS = 2)
but doesn’t replace the basic authorisation to
start a report!
Tip
Often difficult to provide access to
non-critical reports (e. g., phone list)
Recommendation: 1 role with
non-critical reports for all users
17. 16
Workaround for the Amount Problem
• Problem
A user is allowed to capture a certain wage type (e.g., “medical
expenses”) in Infotype 2010, but only up to EUR 100
Infotype and wage type (= subtype) can be controlled by object
P_ORGIN or P_ORGXX, but not the amount
This would require custom programming (discussed further
down)
• Workaround
Create two different wage types
One without limit
One with a limit of EUR 100 set in configuration view V_T511
Assign the two wage types through P_ORGIN or P_ORGXX
using the subtype field accordingly
18. 17
Personnel Planning and Development: PLOG
• Object PLOG controls access to PD data per
Object type (organisational unit, job, qualification, …)
Infotype and subtype
Activity (function code), such as view, change, …
PLOG can control access per plan
variant, so “secret” planning
scenarios can be protected.
If you use only one, still use the
restriction so you don’t have to
change all roles if the requirement
for a sandbox plan comes up (it
often happens with very little
advance warning only).
19. 18
Understanding Object PLOG
• Unlike the objects for personnel master data, PLOG has no option
to restrict certain organisational units
This is due to the nature of the data, which can be jobs, as well
as courses, etc.
The only way to restrict access to parts of the organisational
structure is structural authorisation
• The function code controls:
“Standard” activities, like display and change
Bespoke activities for certain processes, like approvals or
career simulation
• Subtype field for Infotype 1001 (Relationships)
In IT1001, the subtype field represents the relationship type
Making good use of this allows very detailed controls
20. 19
Detailed Controls Using Relationship Types
• If your authorisations on personnel planning and developments
are quite differentiated, picking the right relationship types can be
challenging and require dozens of authorisations of PLOG
Whenever possible, keep it simple
You need to understand the data structure very well
Don’t forget most relationships exist in two directions (“A”
and “B”)
This example would allow a user
to assign instructors and
organisers to a course/event, but
not to book delegates
Prerequisite:
Access to instructors and
organisers
21. 20
Considerations for Authorisation Object PLOG
• Similar to problem with PA-infotypes, but not required very often
No field-level controls
• Access rights are always for all objects of a particular type
• Organisational view is checked separately by structural organisation
• Link between PLOG and structural organisation requires context-sensitive
authorisation, which is not yet available for PLOG
No organisational view
• It is often required for certain infotypes to be accessible in one transaction
or report, but not another. This is even more common here than in PA.
• In a few cases, the bespoke function codes mentioned earlier can cover
this aspect
No link to transaction or other context data
22. 21
Structural Authorisation
• Access to a section of a structure
E.g., org unit with all subordinate
units, positions, and people
• Structural profile
One or several such sections
Using evaluation paths
Defined in table T77PR
• Profiles are assigned to users
In table T77UA
• Access to data is defined in
“normal” authorisation objects
No link!
Organisational unit
Position
Person
Organisational unit
Has access to these
persons’ data
23. 22
Example: Two Structural Profiles for One User
Structural
profile:
“Time manager”
Glenn is responsible for
time management. He
may maintain time data
for the sales team.
Glenn is also a
leader of his team
and may read all
their master data
Structural
profile:
“My team”
User
24. 23
Merging Two Structural Profiles Goes Wrong
Maintain time data
+
Read master data
The sales team
+
His own team
25. 24
Context-Sensitive Authorisation Gets It Right
Structural
profile “Time
manager”
Structural
profile “own
team”
Glenn is also a
leader of his team
and may read master
data
Context
Context
Glenn is responsible for
time management. He
may maintain time data
for a special unit.
26. 25
Context Authorisation in Object P_ORGINCON
• The new field PROFL represents a structural profile
Data and actions specified can be accessed only for employees
accessible via this structural profile
This is the hitherto missing link between structural
authorisation and “normal” authorisation objects
What can
you do?
For which set of
data?
For which employees?
27. 26
Options in Context-Sensitive Authorisation
• It can be used in two standard objects:
P_ORGINCON, replacing P_ORNGIN
P_ORGXXCON, replacing P_ORGXX
• They are activated in T77S0
Switches INCON and XXCON, respectively
Switch DFCON must also be set to activate context solution
• There is no context solution for PD-Data
Authorisation object PLOG_CON exists, but is
currently not working (SAP is aware it is not working)
28. 27
So, Why Custom Programming?
Some structural
gaps in standard
authorisations
Only partially
rectified by
context solution
Custom coding
can close gaps
and streamline
processes, if used
with consideration
29. 28
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
30. 29
Structural Authorisation: Example
• Rather than creating a profile with an explicit start object for each
section of the org structure, the start object can be determined
dynamically
Organisational unit
Position
Person
Organisational unit
Has access to these
people’s data
Position
Person
User
Line Manager
Relationship, e.g.‚ is line
manager of:
31. 30
Dynamic Start Object Using Function Module
Standard function module RH_GET_ORG_ASSIGNMENT
dynamically identifies the assigned org unit
User
Person
Position
Org unit
IT 0105
Holder
Belongs to
Eval.Path
ORGASS
32. 31
More Flexibility with Custom Function Modules
• User is line manager of – function module RH_GET_MANAGER_ASSIGNMENT
• User is staff member of – function module RH_GET_ORG_ASSIGNMENT
Many users stop at standard options
• PAs capturing data for managers or whole teams
• Managers not having access more than two levels down (“grandfather
principle”)
• Other roles, like resource planners, event managers, …
Real life requirements are more diverse custom function modules
• … and a good deal of analysis and conceptual thinking
• This is arguably the least intrusive way of enhancing
You can achieve much with little custom programming
33. 32
It Can Be That Easy …
Copy function module and replace standard with your own evaluation path:
... or as complex as you want it to be
34. 33
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
35. 34
How to Use the Custom HR Authorisation
Object
• You can create as many custom objects as you like
However, they would not be checked in any standard
transactions and would, therefore, be useless except when
used in custom coding
• The special concept of P_NNNNN in HR allows you to create one
custom object, which is integrated an all relevant standard
transactions
The standard process allows you to chose fields from Infotype
0001, plus some obligatory fields
E.g., cost centre or supervisor
You can also add custom coding, e.g., to make it dynamic
36. 35
Step-by-Step Guide to P_NNNNN
Create P_NNNNN
• The real name would usually be different, starting with “Z”
• P_NNNNN is merely a placeholder for your own name
• Chose fields from Infotype 0001
Integrate P_NNNNN in standard authorisation check
• Code generation with report RPUACG00
Amend coding, if required
• Note: your amendments will be lost if code generation is repeated
Activate P_NNNNN
• Switch in table T77S0
37. 36
Step 1: Create New Object
• Transaction SU21 button “create” “Authorisation Object”
• Fill in name and chose fields
• Save new object
• Generate SAP_ALL to include the new object
Mandatory
fields
38. 37
Step 2: Generate Coding
• Report RPUACG00
Decide whether the object should be context-sensitive
Password = your user name
• Note: although this is not a modification, you’ll be asked to enter
an object key
39. 38
Step 3: Amend Coding
• You can skip this step
Then the object will just check the fields you included in the
same way P_ORGIN checks employee group, subgroup, …
• Or you can add extra logic in program MPPAUTZZ, e.g.:
Make the cost centre check dynamic, so the system is not
granting access to a fixed cost centre, but to the cost centre
assigned to the user
Perform a check depending on the transaction code
This would allow you to get around one of the major
considerations of standard authorisations
Consider a custom table with FLAs*
Right to capture IT0015 depends on the amount
* Financial authority limit
40. 39
Step 4: Activate Check
• Activation in T77S0 in the same way as standard objects are
activated
Before the activation, you should make sure it is included in all
relevant roles – otherwise, users will be completely blocked
• You may also want to amend the profile generator to include the
new object in its suggestions
41. 40
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
42. 41
BAdIs Overview
• The most widely used BAdIs are:
HRBAS00_ GET_PROFL: dynamic assignment of structural
profiles in the context solution
HRBAS00_STRUAUTH: changing structural authorisation
HRPAD00AUTH_CHECK: replacing general HR master data
check
HRBAS00_RHBAUS00: amending the report for buffering
objects in structural authorisation
HRPAD00CHECK_TIME: amending HR authorisations time logic
Further BAdIs for particular processes, such as:
Access to cost plans
Travel and Expense management
Appraisals
43. 42
Automatically Assigning Structural Profiles
If maintenance of table T77UA takes too much effort
or doesn’t fulfill the requirements
Assignment of structural profiles either from the field
PROFL or following your own logic
via BAdI HRBAS00_ GET_PROFL
No need to maintain table T77UA.
Dynamic assignment of structural profiles.
Tip
44. 43
Changing Structural Authorisations
• BAdI HRBAS00_STRUAUTH has six methods which can be used
independently or in combination with each other
• The most popular ones are:
Check_Authority_View: you can determine freely whether the
user should have access to a certain object
Check_Auth_Plan1: same, but for employees rather than other
objects
Check_Authority_Search: allows different access to objects for
users in a search function
45. 44
Business Examples
• Some users may not have any access to data of organisational units, but
should see them in a search function to perform a structural search.
Method Check_Authority_Search can do this.
Opening up search functions
• PAs may not have any access to the object type E (event), but should still
be allowed to book employees on courses. This can be done in method
Check_Authority_View.
Booking employees on courses
• You can also use method Check_Authority_View to allow a user access to
external courses only. The flag external/internal is not used by standard
authorisations, so you need the BAdI to differentiate.
Access to external courses only
46. 45
The Most Powerful of Authorisation BAdIs
BAdI HRPAD00AUTH_CHECK is very powerful, as
well as dangerous
• It can completely change the behaviour of standard PA
authorisation checks. So, in theory, you can implement any
authorisation process you want.
• As soon as the BAdI is activated without any coding changes,
no user will be able to access any HR master data
• You need to implement all methods, even if you need only one
of them for your purpose
• It is recommended to use other tools for smaller amendments,
whenever possible
• If you have various bespoke requirements, this is the right tool
47. 46
What Are All Those Methods For?
• This BAdI has 13 methods, which makes it difficult to understand
Most of them are meant to improve the performance of standard
authorisation checks
In almost all cases, the method required for custom checks is
CHECK_AUTHORIZATION
• However, when the BAdI is switched on, it is completely
replacing standard authorisation checks for PA data
Therefore, it is not enough to implement the one method only
You’d usually want all other methods to work as they would in
SAP standard, so you need to implement them accordingly
48. 47
Keeping Standard Checks Where Still Needed
• Just the normal implementation steps for BAdI HRPAD00AUTH_CHECK
Create a BAdI implementation
• Create method, e.g., “CHECK_CHECKER” as shown on next slide
Make standard checks available
• Call standard method in all method implementations
• Example on next slide shows this for method
CHECK_MAX_INFTY_AUTHORIZATION – others are to be done accordingly
Implement standard checks
• Now add your custom coding – usually in method CHECK_AUTHORIZATION
Make custom amendments
50. 49
Business Examples
• Depending on config, time evaluation may require display rights for IT0008.
The user running time needs this, but is not allowed to see IT0008 directly.
• Many reports require some data from IT0002 or IT0032, but users running
these reports should not see national insurance numbers or company car data.
So, they get access to these infotypes only in the context of these reports.
Transaction sensitivity
• PAs have access to staff in their department for info purposes, but they are not
allowed to see salary data for their own boss
Exclude some data from own manager
• Some users are allowed to change infotype 2006 max for one month into past.
The BAdI allows this without using IT0130 and constantly updating it.
Dynamic time sensitivity
51. 50
Typical Problems with This BADI
• As checks are hard coded rather than visible in roles, it is difficult to
see who’s got which rights
• Tip: using custom authorisation objects and checking them in this BAdI
improves transparency a lot
Transparency
• Whilst you often focus on one single method, it can become very
complex to manage the interdependencies of all methods in this BAdI
Interdependencies of the many methods
• Because it is so powerful, business users may get used to getting
each and every exception implemented. Eventually, this will lead to an
unmanageable level of complexity.
Anything goes attitude
52. 51
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
53. 52
Authorisations in Custom Development
• Sometimes you require a deviation from standard authorisation
checks only in the context of a custom development
In this case, it may be easier to add coding for bespoke
authorisation checks into the custom program
This avoids side effects you may have by using the BAdIs
Consider a custom authorisation object (not P_NNNNN)
Always remember that access to data is not checked by the
database, but in each program
Custom coding can, therefore, easily get around authorisations
Using logical databases makes it easier for developers to
make sure authorisations are checked, but they can still
ignore them, if they want to
54. 53
Balancing It Out
Pro Custom
Coding
Business requirements followed
very closely
They can reduce number of roles
considerably
May improve system performance
Contra Custom
Coding
Upfront cost for implementation
and test
Test effort for changes
Risk of side effects and
sceptical auditors
Long-term complexity trap
Some processes may just not
work otherwise
55. 54
Make the Substitution Test
• Requirements for more and more exceptions to be programmed in
authorisation checks can become overwhelming
• Apart from the usual discussion of cost vs. benefit, there is one
test we recommend to do with the business every time:
If we implement this bespoke, very strict
authorisation check, would then a substitution
still be able to perform this user’s task, when
he or she is off sick? Note that handing over
your password is considered a severe breach
of security guidelines.
56. 55
What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up
57. 56
Where to Find More Information
• Eric Wood, “How to Use Structural Authorizations for Effective HR
Strategy and Security” (HR Expert, February 2013).
• Anja Junold and Martin Esch, Authorizations in SAP ERP HCM –
Design, Implementation, and Operation (SAP PRESS, 2008).
A new edition is available in German
• www.iprocon.com/nl-en
iProCon Newsletter on SAP HCM with several authorisations
experts as regular contributors
German version available: www.iprocon.de/newsletter
• http://help.sap.com/saphelp_470/helpdata/en/e0/bdb83b5b831f3be
10000000a114084/content.htm
Simple examples for BAdI HRPAD00AUTH_CHECK
58. 57
7 Key Points to Take Home
• SAP standard authorisation checks happen primarily on infotype/
subtype and object level depending on organisational criteria
• Assigning rights on field-level or based on data content (e.g., amount
limits) or transactional context requires custom solutions
• Custom solutions can reduce the number of roles and profiles
• The custom object P_NNNNN can be generated or amended with custom
coding for more complex logic
• BAdI HRPAD00AUTH_CHECK is very powerful, but difficult to handle.
For small amendments, try to use other tools.
• Custom programs have to take care of their own authorisation checks –
ideally referring to standard checks and making use of logical databases
• It is important to strike the right balance; otherwise, complexity can
keep growing until it becomes almost impossible to make further
changes without unwanted side effects
59. 58
Your Turn!
How to contact me:
Sven Ringling
s.ringling@iprocon.com
@svenringling
Please remember to complete your session evaluation
60. 59
Disclaimer
SAP, R/3, mySAP, mySAP.com, SAP NetWeaver®, Duet®, PartnerEdge, and other SAP products and services mentioned herein as well as their
respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and
service names mentioned are the trademarks of their respective companies. Wellesley Information Services is neither owned nor controlled by SAP.