SlideShare a Scribd company logo

SAP HCM Structural Authorization Overview Presentation

K
KenBowers

Structural authorization permits access to personnel data based on a user's position in the organizational structure. It is configured by creating an organizational structure, personnel records, evaluation paths, structural authorization profiles, and linking profiles to user IDs. A profile defines the objects and attributes a user can access based on their assigned root organizational unit. This can be determined dynamically using function modules or manually. The configuration is tested to restrict user access according to the organizational structure.

Business
1 of 49
SAP HCM STRUCTURAL AUTHORIZATION OVERVIEW by Ken Bowers NK Consulting Inc
Structural Authorization Defined HR Structural Authorization permit access to personnel data based on the user’s position or span of authority within the organizational structure.
Structural General Authorization Authorization Org, PD, Personnel TEM, Quals Admin TC: OOSB TC: PFCG
Structural Authorization High Level Process Configuration & Switch Settings Link Structural Create Structural Authorization Authorization Profile Evaluation Path Profile to User Id Determine Root Org Unit
STRUCTURAL AUTHORIZATIONS PROCESS FLOWCHART Dynamically PA/PD Integration Evaluation Paths Manually assign Organizational Turned Maintained assign Root Org Unit Structure “On” (T778A/ Root Org Unit (Function Module) (Org Unit/Position) (POLGI/ORGA) V_T77AW)) Structural Structural Structural Structural Auth Authorization Authorization Organizational Authorization Profiles Activated via Waiting Period Structure Profiles Dynamically Linked (TC: OOAC or (TC: OOAC or Developed Developed (TC: PD Object T77S0) T77S0) OOSP or T77PR) (IT1017) SAP User ID Employee Record SAP Program linked to PA via assigned RHPROFLO IT0105 Record IT0001 Executed SAP User ID linked Structural Auth. Manually Profile (TC: OOSB or T77UA Execute Reports to User Access Optimize Restricted Performance Based on Org Structure
PA/PD Integration “Active”
Structural Authorizations ‘Activated” Change from 0 to 1 4.6 and below Refer to OSS Note 339367 refers to OSS Note 363083 Maintenance of the switch AUTH_SW P_ORGPD to import 4.7 functionality TC: OOAC T77S0
Structural Authorizations “Activated” 4.7
Activation Options • Value 1: Org Unit Checked – No Authorization. • Value 2: Org Unit Not Checked – No Authorization. • Value 3: Org Unit Checked – Authorization • Value 4: Org Unit Not Checked - Authorization
Structural Authorizations Waiting Period
Create Organizational Structure • Transaction code PPOME • Create organizational units (object type O) • Create jobs (object type C) • Create positions (object type S) • Assign chief positions especially if the relationship A012 is being used in function modules
Create Organizational Structure
Create Personnel Master Records • All personnel require personnel number • Create IT0105, subtype 0001 record for all EE’s linking SAP user id to personnel number which is linked to the org structure • All personnel require IT0001 record
Create Personnel Master Records IT0001 IT0105
Evaluation Paths • Use SAP standard evaluation paths – SAP standard function modules read delivered evaluation paths • Create customer defined evaluation paths – Customer defined function modules specify customer defined evaluation paths
Evaluation Paths T778A V_T77AW
Create Structural Authorization Profiles • Transaction code OOSP or T77PR • Screen # 1 – Profile: Enter profile name and description – Save Structural Authorization Profile
Assign Root Org Unit Option 1: Dynamically. • Function Module: RH_GET_MANAGER_ASSIGNMENT determines the root organizational unit to which the user is assigned as Manager via the A012 chief relationship. • Assign function module in T77PR In field PFUNC
Screen # 2 T77PR When Function Module is being used, leave Object ID field “Blank” RH_GET_MANAGER_ASSIGNMENT: Determines the root org unit object to which the user is assigned as Manager via the A012 chief relationship. (Supervisor)
• Screen # 2 (Continued) – Auth Profile: Select profile for pop-up box – No.: Enter Line/Sequence/Interval numbers 5, 10, 15 …etc. – Plan version: Enter active plan. Ex. 01 – Object type: Enter object type end user will be authorized to change or display (O – Org Unit, S – Position, C – Job, P- person, and any customer defined objects) – Object ID: If assign root org unit is being used, enter org unit id value. If you are using function modules to dynamically determine the root org unit, leave this field blank – Maintenance: If checked, maintain authorization is granted for object type, if uncheck, only display authorization granted. – Evaluation Path: Enter evaluation path defined inT77UA
• Screen # 2 (Continued) – Status vector: Planning status authorization • 1 – Active • 2 – Planned • 3 – Submitted • 4 – Approved • 5 – Rejected • To grant access to Active and Planned status(s) enter “12” – Depth: Enter the number of levels from the root org unit of the org structure. – Sign: Process structural authorization top – down (+) or bottom-up (-)
• Screen # 2 (Continued) – Time period: Restrict access based on the validity period of the org structure. • D – Current Day • M – Current Month • Y – Current Year • P – Past • F – Future – Function module: • Leave this field “blank” if root org unit is defined in field “Object id” • Determine the root org unit using SAP standard or Customer defined function modules
• Screen # 2 (Continued) – Add multiple rows in this table for all PD objects the structural authorizations are permitting to change and/or display
Assign Root Org Unit Option 2: Dynamically. • Function Module: RH_GET_ORG_ASSIGNMENT determines the root organizational unit to which the user is organizationally assigned. • Assign function module in T77PR In field PFUNC
Screen # 2 T77PR A customer defined Function Module may be used RH_GET_ORG_ASSIGNMENT Determines the root organizational unit to which the user is organizationally assigned.
Assign Root Org Unit Option 3: Dynamically. • Customer Defined Function Module: – Copy and modify SAP standard function modules to specify customer defined evaluation paths • Assign function module in T77PR In field PFUNC
Assign Root Org Unit Option 4: Manually • Function Module not used. • Manual assignment of root organizational unit • Define root organizational unit in T77PR In field OBJID
Screen # 2 T77PR When Object ID is being used, leave Function Module field “Blank”
Structural Authorization Profile Completed
Link User ID to Structural Authorization Option # 1 Assign Structural Authorization to PD Object • Restrict user access based on PD objects. • Assign structural authorization defined in transaction code OOSP or T77PR by creating an IT1017 to a PD object. Example: Create IT1017 to org unit or position depending on your requirements • This is linking the structural authorization to the organizational structure. • IT1017 is required if you are going to dynamically populate T77UA by linking user id to structural authorization profile.
Assign IT1017 to Position Execute transaction code PP01 > Create PD Profiles > Assign Structural Authorization Profile
Link User ID to Structural Authorization • Execute SAP Program RHPROFL0 on a nightly or emergency basis. • Report dynamically links the user id (IT0105, Subtype 0001) to the designated structural authorization profile in T77UA based on the assignment of IT1017 to PD objects.
RHPROFL0 program report output T77UA auto populated by the RHPROFL0 program
Link User ID to Structural Authorization Option # 2 • Can be assigned “manually” • IT1017 is not necessary • Transaction code OOSB or T77UA • Ensure customizing of the table in permitted in Production client • This method is no recommended. Can be very labor intensive
Manually Link User ID to Structural Authorization Execute transaction code OOSB > Click on New Entries > Enter user id, corresponding structural authorization profile, enter start date, enter end date and click on the save icon.
Optimize Structural Authorization Performance • Manually enter user id’s in T77UU User Table for Batch Input. Stores user id in SAP memory (T77UU). Not recommended. • Dynamically add/remove user id’s in T77UU executing program RHBAUS02 based on the number of objects. • Execute nightly program RHBAUS00 to regenerate indexes saved in table INDX. • Indexes regenerated and saved in table INDX • OSS note 836478 dated 4/21/05: Display Index Report: RHAUTH_VIEW_INDX
Congratulations ! • You have completed the configuration of structural authorizations. • Do not know of any method to trace structural authorizations • Test, test user id’s for both structural authorizations and PA/PD authorization assigned to roles in TC: SU01.
Customer Defined Structural Authorizations • Use BADl: HRBAS00_STRUAUTH Customer defined logic for Structural Authorization • Use BADI: HRPAD00AUTH_CHECK, which allows the customer to input their own coding into this customer exit for HR Master Data. – Example: Restrict authorizations based on Business Area, Plant, etc.
Reporting Considerations • Customer Defined Reports: Use HR Macros in your custom program to engage structural authorizations from the LDB. If LDB is not being accessed, need to code structural authorizations in program • SAP Standard Reports: There may be some circumstances you do not want structural authorizations checked. Copy standard reports and remove authorization checks.
Lessons Learned • Keep in mind, users with new structural authorizations will not be effective until next day if RHPROFLO is ran nightly. • Remember to assign Authorization Groups to customer defined z-tables in order to maintain in Production client. • Assign all end users structural authorizations.
WHAT’S NEW IN 4.7 Transaction code SU53: Reasons for failed Structural authorizations are displayed
Context Structural Authorizations
Context Structural Authorizations
Context Structural Authorizations
Context Structural Authorizations
Context Structural Authorizations
Questions ?
Contact Information kbowers@nkconsultinginc.com 864-940-7282

Recommended

SAP D Enterprise Structure
SAP D Enterprise StructureSAP D Enterprise Structure
SAP D Enterprise Structure
Rahul fun
 
Workbench and customising request
Workbench and customising requestWorkbench and customising request
Workbench and customising request
lakshmi rajkumar
 
Sap payroll schema. functions , rules and operations – an overview
Sap payroll schema. functions , rules and operations – an overviewSap payroll schema. functions , rules and operations – an overview
Sap payroll schema. functions , rules and operations – an overviewgetsarath
 
Personnel Administration in SAP
Personnel Administration in SAPPersonnel Administration in SAP
Personnel Administration in SAP
Vishakha Kambli
 
SAP HR AND HCM Interview questions
SAP HR AND HCM Interview questionsSAP HR AND HCM Interview questions
SAP HR AND HCM Interview questions
IT LearnMore
 
SAP BI 7 security concepts
SAP BI 7 security conceptsSAP BI 7 security concepts
SAP BI 7 security concepts
Siva Pradeep Bolisetti
 
Understanding processing classes in sap
Understanding processing classes in sapUnderstanding processing classes in sap
Understanding processing classes in sapMrityunjoy Roy
 
SAP Logistics - CS - Standard Process & Configuration document
SAP Logistics - CS - Standard Process & Configuration documentSAP Logistics - CS - Standard Process & Configuration document
SAP Logistics - CS - Standard Process & Configuration document
Subhrajyoti (Subhra) Bhattacharjee
 

Recommended

SAP D Enterprise Structure
SAP D Enterprise StructureSAP D Enterprise Structure
SAP D Enterprise Structure
Rahul fun
 
Workbench and customising request
Workbench and customising requestWorkbench and customising request
Workbench and customising request
lakshmi rajkumar
 
Sap payroll schema. functions , rules and operations – an overview
Sap payroll schema. functions , rules and operations – an overviewSap payroll schema. functions , rules and operations – an overview
Sap payroll schema. functions , rules and operations – an overviewgetsarath
 
Personnel Administration in SAP
Personnel Administration in SAPPersonnel Administration in SAP
Personnel Administration in SAP
Vishakha Kambli
 
SAP HR AND HCM Interview questions
SAP HR AND HCM Interview questionsSAP HR AND HCM Interview questions
SAP HR AND HCM Interview questions
IT LearnMore
 
SAP BI 7 security concepts
SAP BI 7 security conceptsSAP BI 7 security concepts
SAP BI 7 security concepts
Siva Pradeep Bolisetti
 
Understanding processing classes in sap
Understanding processing classes in sapUnderstanding processing classes in sap
Understanding processing classes in sapMrityunjoy Roy
 
SAP Logistics - CS - Standard Process & Configuration document
SAP Logistics - CS - Standard Process & Configuration documentSAP Logistics - CS - Standard Process & Configuration document
SAP Logistics - CS - Standard Process & Configuration document
Subhrajyoti (Subhra) Bhattacharjee
 
Sap hr ppt
Sap hr pptSap hr ppt
Sap hr ppt
sterlingit
 
Automatic picking configuration in delivery in sap sd
Automatic picking configuration in delivery in sap sdAutomatic picking configuration in delivery in sap sd
Automatic picking configuration in delivery in sap sd
sarath chandran
 
Organizational Management in SAP HCM
Organizational Management in SAP HCMOrganizational Management in SAP HCM
Organizational Management in SAP HCMDivyasri_G
 
Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Anand Shanmugam
 
Creating new users and roles in sap guide
Creating new users and roles in sap guideCreating new users and roles in sap guide
Creating new users and roles in sap guide
mehboobhafz
 
Sap security tasks
Sap security tasksSap security tasks
Sap security tasks
Siva Pradeep Bolisetti
 
SAP FI Configuration guide and enduser manual
SAP FI Configuration guide and enduser manualSAP FI Configuration guide and enduser manual
SAP FI Configuration guide and enduser manual
SAP_FICO Online_training
 
Automatic vendor payment advice notes by mail
Automatic vendor payment advice notes by mailAutomatic vendor payment advice notes by mail
Automatic vendor payment advice notes by mail
SURESH BABU MUCHINTHALA
 
SAP HCM - Organization Management end user presentation
SAP HCM - Organization Management end user presentationSAP HCM - Organization Management end user presentation
SAP HCM - Organization Management end user presentation
steve4sap
 
Selection Profile in SAP PM
Selection Profile in SAP PMSelection Profile in SAP PM
Selection Profile in SAP PM
Manoj Kumar Nayak
 
Creating business group in oracle apps
Creating business group in oracle appsCreating business group in oracle apps
Creating business group in oracle apps
Gurpreet singh
 
SAP ADMINISTRATION
SAP ADMINISTRATIONSAP ADMINISTRATION
SAP ADMINISTRATION
Aly Adel
 
Session 14 validation_steps_sap
Session 14 validation_steps_sapSession 14 validation_steps_sap
Session 14 validation_steps_sap
Amitava Saha, PMP®
 
Authorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.infoAuthorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.info
sapdocs. info
 
Rollout solution template SAP SD
Rollout solution template SAP SDRollout solution template SAP SD
Rollout solution template SAP SD
Mohammed Azhad
 
Ps training mannual ( configuration )
Ps training mannual ( configuration )Ps training mannual ( configuration )
Ps training mannual ( configuration )
Soumya De
 
Migrate Custom data/object in SAP S/4 HANA
Migrate Custom data/object in SAP S/4 HANA Migrate Custom data/object in SAP S/4 HANA
Migrate Custom data/object in SAP S/4 HANA
Ashish Saxena
 
Material master data in sap mm
Material master data in sap mmMaterial master data in sap mm
Material master data in sap mm
jayaprakash bandaru
 
Step by step lsmw tutorial
Step by step lsmw tutorialStep by step lsmw tutorial
Step by step lsmw tutorial
raonivaz
 
SAP HR - Personnel Administration
SAP HR - Personnel AdministrationSAP HR - Personnel Administration
SAP HR - Personnel Administration
Gana Respati
 
What is sap security
What is sap securityWhat is sap security
What is sap security
grconlinetraining
 
OWASP Identity Manegement
OWASP Identity ManegementOWASP Identity Manegement
OWASP Identity ManegementFlávio Silva
 

More Related Content

What's hot

Sap hr ppt
Sap hr pptSap hr ppt
Sap hr ppt
sterlingit
 
Automatic picking configuration in delivery in sap sd
Automatic picking configuration in delivery in sap sdAutomatic picking configuration in delivery in sap sd
Automatic picking configuration in delivery in sap sd
sarath chandran
 
Organizational Management in SAP HCM
Organizational Management in SAP HCMOrganizational Management in SAP HCM
Organizational Management in SAP HCMDivyasri_G
 
Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Anand Shanmugam
 
Creating new users and roles in sap guide
Creating new users and roles in sap guideCreating new users and roles in sap guide
Creating new users and roles in sap guide
mehboobhafz
 
Sap security tasks
Sap security tasksSap security tasks
Sap security tasks
Siva Pradeep Bolisetti
 
SAP FI Configuration guide and enduser manual
SAP FI Configuration guide and enduser manualSAP FI Configuration guide and enduser manual
SAP FI Configuration guide and enduser manual
SAP_FICO Online_training
 
Automatic vendor payment advice notes by mail
Automatic vendor payment advice notes by mailAutomatic vendor payment advice notes by mail
Automatic vendor payment advice notes by mail
SURESH BABU MUCHINTHALA
 
SAP HCM - Organization Management end user presentation
SAP HCM - Organization Management end user presentationSAP HCM - Organization Management end user presentation
SAP HCM - Organization Management end user presentation
steve4sap
 
Selection Profile in SAP PM
Selection Profile in SAP PMSelection Profile in SAP PM
Selection Profile in SAP PM
Manoj Kumar Nayak
 
Creating business group in oracle apps
Creating business group in oracle appsCreating business group in oracle apps
Creating business group in oracle apps
Gurpreet singh
 
SAP ADMINISTRATION
SAP ADMINISTRATIONSAP ADMINISTRATION
SAP ADMINISTRATION
Aly Adel
 
Session 14 validation_steps_sap
Session 14 validation_steps_sapSession 14 validation_steps_sap
Session 14 validation_steps_sap
Amitava Saha, PMP®
 
Authorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.infoAuthorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.info
sapdocs. info
 
Rollout solution template SAP SD
Rollout solution template SAP SDRollout solution template SAP SD
Rollout solution template SAP SD
Mohammed Azhad
 
Ps training mannual ( configuration )
Ps training mannual ( configuration )Ps training mannual ( configuration )
Ps training mannual ( configuration )
Soumya De
 
Migrate Custom data/object in SAP S/4 HANA
Migrate Custom data/object in SAP S/4 HANA Migrate Custom data/object in SAP S/4 HANA
Migrate Custom data/object in SAP S/4 HANA
Ashish Saxena
 
Material master data in sap mm
Material master data in sap mmMaterial master data in sap mm
Material master data in sap mm
jayaprakash bandaru
 
Step by step lsmw tutorial
Step by step lsmw tutorialStep by step lsmw tutorial
Step by step lsmw tutorial
raonivaz
 
SAP HR - Personnel Administration
SAP HR - Personnel AdministrationSAP HR - Personnel Administration
SAP HR - Personnel Administration
Gana Respati
 

What's hot (20)

Sap hr ppt
Sap hr pptSap hr ppt
Sap hr ppt
 
Automatic picking configuration in delivery in sap sd
Automatic picking configuration in delivery in sap sdAutomatic picking configuration in delivery in sap sd
Automatic picking configuration in delivery in sap sd
 
Organizational Management in SAP HCM
Organizational Management in SAP HCMOrganizational Management in SAP HCM
Organizational Management in SAP HCM
 
Sap Hr Presentation 08052002
Sap Hr Presentation 08052002Sap Hr Presentation 08052002
Sap Hr Presentation 08052002
 
Creating new users and roles in sap guide
Creating new users and roles in sap guideCreating new users and roles in sap guide
Creating new users and roles in sap guide
 
Sap security tasks
Sap security tasksSap security tasks
Sap security tasks
 
SAP FI Configuration guide and enduser manual
SAP FI Configuration guide and enduser manualSAP FI Configuration guide and enduser manual
SAP FI Configuration guide and enduser manual
 
Automatic vendor payment advice notes by mail
Automatic vendor payment advice notes by mailAutomatic vendor payment advice notes by mail
Automatic vendor payment advice notes by mail
 
SAP HCM - Organization Management end user presentation
SAP HCM - Organization Management end user presentationSAP HCM - Organization Management end user presentation
SAP HCM - Organization Management end user presentation
 
Selection Profile in SAP PM
Selection Profile in SAP PMSelection Profile in SAP PM
Selection Profile in SAP PM
 
Creating business group in oracle apps
Creating business group in oracle appsCreating business group in oracle apps
Creating business group in oracle apps
 
SAP ADMINISTRATION
SAP ADMINISTRATIONSAP ADMINISTRATION
SAP ADMINISTRATION
 
Session 14 validation_steps_sap
Session 14 validation_steps_sapSession 14 validation_steps_sap
Session 14 validation_steps_sap
 
Authorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.infoAuthorisation Concept In SAP | http://sapdocs.info
Authorisation Concept In SAP | http://sapdocs.info
 
Rollout solution template SAP SD
Rollout solution template SAP SDRollout solution template SAP SD
Rollout solution template SAP SD
 
Ps training mannual ( configuration )
Ps training mannual ( configuration )Ps training mannual ( configuration )
Ps training mannual ( configuration )
 
Migrate Custom data/object in SAP S/4 HANA
Migrate Custom data/object in SAP S/4 HANA Migrate Custom data/object in SAP S/4 HANA
Migrate Custom data/object in SAP S/4 HANA
 
Material master data in sap mm
Material master data in sap mmMaterial master data in sap mm
Material master data in sap mm
 
Step by step lsmw tutorial
Step by step lsmw tutorialStep by step lsmw tutorial
Step by step lsmw tutorial
 
SAP HR - Personnel Administration
SAP HR - Personnel AdministrationSAP HR - Personnel Administration
SAP HR - Personnel Administration
 

Similar to SAP HCM Structural Authorization Overview Presentation

What is sap security
What is sap securityWhat is sap security
What is sap security
grconlinetraining
 
OWASP Identity Manegement
OWASP Identity ManegementOWASP Identity Manegement
OWASP Identity ManegementFlávio Silva
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap security
yektek
 
Hovitaga OpenSQL Editor - Security and authorization concept
Hovitaga OpenSQL Editor - Security and authorization conceptHovitaga OpenSQL Editor - Security and authorization concept
Hovitaga OpenSQL Editor - Security and authorization concept
Hovitaga Kft.
 
TFS Administration Overview
TFS Administration OverviewTFS Administration Overview
TFS Administration Overview
Steve Lange
 
SAP SECURITY ONLINE TRAINING
SAP SECURITY ONLINE TRAININGSAP SECURITY ONLINE TRAINING
SAP SECURITY ONLINE TRAINING
Santhosh Sap
 
Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)
pasalapudi123
 
Getting optimal performance from oracle e business suite
Getting optimal performance from oracle e business suiteGetting optimal performance from oracle e business suite
Getting optimal performance from oracle e business suite
aioughydchapter
 
Getting optimal performance from oracle e-business suite presentation
Getting optimal performance from oracle e-business suite presentationGetting optimal performance from oracle e-business suite presentation
Getting optimal performance from oracle e-business suite presentation
Berry Clemens
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager Basics
Chekka Venkateshwar Rao
 
Hr structural auths
Hr structural authsHr structural auths
Hr structural authshkodali
 
SAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docxSAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docx
juancusa
 
Ebs performance tune_con9030_pdf_9030_0001
Ebs performance tune_con9030_pdf_9030_0001Ebs performance tune_con9030_pdf_9030_0001
Ebs performance tune_con9030_pdf_9030_0001jucaab
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented Architecture
Bob Rhubart
 
resource governor
resource governorresource governor
resource governor
Aaron Shilo
 
PivotalCRM - Resource Activity monitor
PivotalCRM - Resource Activity monitor PivotalCRM - Resource Activity monitor
PivotalCRM - Resource Activity monitor
Pivotal CRM
 
Ebs performance tune2_con9030_pdf_9030_0002
Ebs performance tune2_con9030_pdf_9030_0002Ebs performance tune2_con9030_pdf_9030_0002
Ebs performance tune2_con9030_pdf_9030_0002jucaab
 

Similar to SAP HCM Structural Authorization Overview Presentation (20)

What is sap security
What is sap securityWhat is sap security
What is sap security
 
OWASP Identity Manegement
OWASP Identity ManegementOWASP Identity Manegement
OWASP Identity Manegement
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap security
 
Hovitaga OpenSQL Editor - Security and authorization concept
Hovitaga OpenSQL Editor - Security and authorization conceptHovitaga OpenSQL Editor - Security and authorization concept
Hovitaga OpenSQL Editor - Security and authorization concept
 
TFS Administration Overview
TFS Administration OverviewTFS Administration Overview
TFS Administration Overview
 
SAP SECURITY ONLINE TRAINING
SAP SECURITY ONLINE TRAININGSAP SECURITY ONLINE TRAINING
SAP SECURITY ONLINE TRAINING
 
Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)Getting optimal performance from oracle e business suite(aioug aug2015)
Getting optimal performance from oracle e business suite(aioug aug2015)
 
Getting optimal performance from oracle e business suite
Getting optimal performance from oracle e business suiteGetting optimal performance from oracle e business suite
Getting optimal performance from oracle e business suite
 
Getting optimal performance from oracle e-business suite presentation
Getting optimal performance from oracle e-business suite presentationGetting optimal performance from oracle e-business suite presentation
Getting optimal performance from oracle e-business suite presentation
 
Sap plant maintenance
Sap plant maintenanceSap plant maintenance
Sap plant maintenance
 
Oracle Identity Manager Basics
Oracle Identity Manager BasicsOracle Identity Manager Basics
Oracle Identity Manager Basics
 
Hr structural auths
Hr structural authsHr structural auths
Hr structural auths
 
OPTI Optimizer
OPTI OptimizerOPTI Optimizer
OPTI Optimizer
 
SAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docxSAP_HANA_SECURITY_overview_online_Resear.docx
SAP_HANA_SECURITY_overview_online_Resear.docx
 
Ebs performance tune_con9030_pdf_9030_0001
Ebs performance tune_con9030_pdf_9030_0001Ebs performance tune_con9030_pdf_9030_0001
Ebs performance tune_con9030_pdf_9030_0001
 
21st Century Service Oriented Architecture
21st Century Service Oriented Architecture21st Century Service Oriented Architecture
21st Century Service Oriented Architecture
 
resource governor
resource governorresource governor
resource governor
 
Sarbanes-Oxley (SOX) Solution
Sarbanes-Oxley (SOX) Solution Sarbanes-Oxley (SOX) Solution
Sarbanes-Oxley (SOX) Solution
 
PivotalCRM - Resource Activity monitor
PivotalCRM - Resource Activity monitor PivotalCRM - Resource Activity monitor
PivotalCRM - Resource Activity monitor
 
Ebs performance tune2_con9030_pdf_9030_0002
Ebs performance tune2_con9030_pdf_9030_0002Ebs performance tune2_con9030_pdf_9030_0002
Ebs performance tune2_con9030_pdf_9030_0002
 

Recently uploaded

amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
balatucanapplelovely
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
sarahvanessa51503
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
Adani case
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Set off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptxSet off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptx
HARSHITHV26
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdfBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
daothibichhang1
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
daothibichhang1
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 

Recently uploaded (20)

amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Set off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptxSet off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptx
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdfBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
 

SAP HCM Structural Authorization Overview Presentation

  • 1. SAP HCM STRUCTURAL AUTHORIZATION OVERVIEW by Ken Bowers NK Consulting Inc
  • 2. Structural Authorization Defined HR Structural Authorization permit access to personnel data based on the user’s position or span of authority within the organizational structure.
  • 3. Structural General Authorization Authorization Org, PD, Personnel TEM, Quals Admin TC: OOSB TC: PFCG
  • 4. Structural Authorization High Level Process Configuration & Switch Settings Link Structural Create Structural Authorization Authorization Profile Evaluation Path Profile to User Id Determine Root Org Unit
  • 5. STRUCTURAL AUTHORIZATIONS PROCESS FLOWCHART Dynamically PA/PD Integration Evaluation Paths Manually assign Organizational Turned Maintained assign Root Org Unit Structure “On” (T778A/ Root Org Unit (Function Module) (Org Unit/Position) (POLGI/ORGA) V_T77AW)) Structural Structural Structural Structural Auth Authorization Authorization Organizational Authorization Profiles Activated via Waiting Period Structure Profiles Dynamically Linked (TC: OOAC or (TC: OOAC or Developed Developed (TC: PD Object T77S0) T77S0) OOSP or T77PR) (IT1017) SAP User ID Employee Record SAP Program linked to PA via assigned RHPROFLO IT0105 Record IT0001 Executed SAP User ID linked Structural Auth. Manually Profile (TC: OOSB or T77UA Execute Reports to User Access Optimize Restricted Performance Based on Org Structure
  • 7. Structural Authorizations ‘Activated” Change from 0 to 1 4.6 and below Refer to OSS Note 339367 refers to OSS Note 363083 Maintenance of the switch AUTH_SW P_ORGPD to import 4.7 functionality TC: OOAC T77S0
  • 8. Structural Authorizations “Activated” 4.7
  • 9. Activation Options • Value 1: Org Unit Checked – No Authorization. • Value 2: Org Unit Not Checked – No Authorization. • Value 3: Org Unit Checked – Authorization • Value 4: Org Unit Not Checked - Authorization
  • 10. Structural Authorizations Waiting Period
  • 11. Create Organizational Structure • Transaction code PPOME • Create organizational units (object type O) • Create jobs (object type C) • Create positions (object type S) • Assign chief positions especially if the relationship A012 is being used in function modules
  • 13. Create Personnel Master Records • All personnel require personnel number • Create IT0105, subtype 0001 record for all EE’s linking SAP user id to personnel number which is linked to the org structure • All personnel require IT0001 record
  • 14. Create Personnel Master Records IT0001 IT0105
  • 15. Evaluation Paths • Use SAP standard evaluation paths – SAP standard function modules read delivered evaluation paths • Create customer defined evaluation paths – Customer defined function modules specify customer defined evaluation paths
  • 16. Evaluation Paths T778A V_T77AW
  • 17. Create Structural Authorization Profiles • Transaction code OOSP or T77PR • Screen # 1 – Profile: Enter profile name and description – Save Structural Authorization Profile
  • 18. Assign Root Org Unit Option 1: Dynamically. • Function Module: RH_GET_MANAGER_ASSIGNMENT determines the root organizational unit to which the user is assigned as Manager via the A012 chief relationship. • Assign function module in T77PR In field PFUNC
  • 19. Screen # 2 T77PR When Function Module is being used, leave Object ID field “Blank” RH_GET_MANAGER_ASSIGNMENT: Determines the root org unit object to which the user is assigned as Manager via the A012 chief relationship. (Supervisor)
  • 20. • Screen # 2 (Continued) – Auth Profile: Select profile for pop-up box – No.: Enter Line/Sequence/Interval numbers 5, 10, 15 …etc. – Plan version: Enter active plan. Ex. 01 – Object type: Enter object type end user will be authorized to change or display (O – Org Unit, S – Position, C – Job, P- person, and any customer defined objects) – Object ID: If assign root org unit is being used, enter org unit id value. If you are using function modules to dynamically determine the root org unit, leave this field blank – Maintenance: If checked, maintain authorization is granted for object type, if uncheck, only display authorization granted. – Evaluation Path: Enter evaluation path defined inT77UA
  • 21. • Screen # 2 (Continued) – Status vector: Planning status authorization • 1 – Active • 2 – Planned • 3 – Submitted • 4 – Approved • 5 – Rejected • To grant access to Active and Planned status(s) enter “12” – Depth: Enter the number of levels from the root org unit of the org structure. – Sign: Process structural authorization top – down (+) or bottom-up (-)
  • 22. • Screen # 2 (Continued) – Time period: Restrict access based on the validity period of the org structure. • D – Current Day • M – Current Month • Y – Current Year • P – Past • F – Future – Function module: • Leave this field “blank” if root org unit is defined in field “Object id” • Determine the root org unit using SAP standard or Customer defined function modules
  • 23. • Screen # 2 (Continued) – Add multiple rows in this table for all PD objects the structural authorizations are permitting to change and/or display
  • 24. Assign Root Org Unit Option 2: Dynamically. • Function Module: RH_GET_ORG_ASSIGNMENT determines the root organizational unit to which the user is organizationally assigned. • Assign function module in T77PR In field PFUNC
  • 25. Screen # 2 T77PR A customer defined Function Module may be used RH_GET_ORG_ASSIGNMENT Determines the root organizational unit to which the user is organizationally assigned.
  • 26. Assign Root Org Unit Option 3: Dynamically. • Customer Defined Function Module: – Copy and modify SAP standard function modules to specify customer defined evaluation paths • Assign function module in T77PR In field PFUNC
  • 27. Assign Root Org Unit Option 4: Manually • Function Module not used. • Manual assignment of root organizational unit • Define root organizational unit in T77PR In field OBJID
  • 28. Screen # 2 T77PR When Object ID is being used, leave Function Module field “Blank”
  • 30. Link User ID to Structural Authorization Option # 1 Assign Structural Authorization to PD Object • Restrict user access based on PD objects. • Assign structural authorization defined in transaction code OOSP or T77PR by creating an IT1017 to a PD object. Example: Create IT1017 to org unit or position depending on your requirements • This is linking the structural authorization to the organizational structure. • IT1017 is required if you are going to dynamically populate T77UA by linking user id to structural authorization profile.
  • 31. Assign IT1017 to Position Execute transaction code PP01 > Create PD Profiles > Assign Structural Authorization Profile
  • 32. Link User ID to Structural Authorization • Execute SAP Program RHPROFL0 on a nightly or emergency basis. • Report dynamically links the user id (IT0105, Subtype 0001) to the designated structural authorization profile in T77UA based on the assignment of IT1017 to PD objects.
  • 33.
  • 34. RHPROFL0 program report output T77UA auto populated by the RHPROFL0 program
  • 35. Link User ID to Structural Authorization Option # 2 • Can be assigned “manually” • IT1017 is not necessary • Transaction code OOSB or T77UA • Ensure customizing of the table in permitted in Production client • This method is no recommended. Can be very labor intensive
  • 36. Manually Link User ID to Structural Authorization Execute transaction code OOSB > Click on New Entries > Enter user id, corresponding structural authorization profile, enter start date, enter end date and click on the save icon.
  • 37. Optimize Structural Authorization Performance • Manually enter user id’s in T77UU User Table for Batch Input. Stores user id in SAP memory (T77UU). Not recommended. • Dynamically add/remove user id’s in T77UU executing program RHBAUS02 based on the number of objects. • Execute nightly program RHBAUS00 to regenerate indexes saved in table INDX. • Indexes regenerated and saved in table INDX • OSS note 836478 dated 4/21/05: Display Index Report: RHAUTH_VIEW_INDX
  • 38. Congratulations ! • You have completed the configuration of structural authorizations. • Do not know of any method to trace structural authorizations • Test, test user id’s for both structural authorizations and PA/PD authorization assigned to roles in TC: SU01.
  • 39. Customer Defined Structural Authorizations • Use BADl: HRBAS00_STRUAUTH Customer defined logic for Structural Authorization • Use BADI: HRPAD00AUTH_CHECK, which allows the customer to input their own coding into this customer exit for HR Master Data. – Example: Restrict authorizations based on Business Area, Plant, etc.
  • 40. Reporting Considerations • Customer Defined Reports: Use HR Macros in your custom program to engage structural authorizations from the LDB. If LDB is not being accessed, need to code structural authorizations in program • SAP Standard Reports: There may be some circumstances you do not want structural authorizations checked. Copy standard reports and remove authorization checks.
  • 41. Lessons Learned • Keep in mind, users with new structural authorizations will not be effective until next day if RHPROFLO is ran nightly. • Remember to assign Authorization Groups to customer defined z-tables in order to maintain in Production client. • Assign all end users structural authorizations.
  • 42. WHAT’S NEW IN 4.7 Transaction code SU53: Reasons for failed Structural authorizations are displayed

Editor's Notes

  1. 3 = If employee is not assigned to an org unit, the user has access. 4 = Access is granted.
  2. When function module is being used, leave object id field “blank”. When using the Object id field, leave the Function Module Field “blank”.
  3. .