Optimising SAP HR Authorisation by using custom development incl. BAdIs

Sven Ringling, Digital HR Advisor and Director Germany at Adessa Group

Explaining concepts for SAP HCM authorisations to:
- make them more dynamic
- reduce the number of roles
- implement very bespoke requirements using BAdIs, custom authorisation objects, dynamic structural authorisation and further tips

© Copyright 2014 Wellesley Information Services, Inc. All rights reserved.
When and How to Use Custom Development to Optimise SAP ERP HCM Authorisations
Sven Ringling, iProCon

In This Session
• We’ll walk through the most important standard concepts of HR authorisations
  - To demonstrate what they can and can’t do, thus leading to improvement opportunities through custom development
  - We will not discuss each and every detail of standard concepts
• We’ll discuss when to use custom development and when you should aim for other alternatives
• We’ll introduce the most important concepts for custom development in HR authorisations
  - BAdIs, custom authorisation objects, and dynamic start objects for structural authorisation
  - And demonstrate business cases for each of them

What We’ll Cover
• Overview: out-of-the-box concepts and enhancement options
• Standard objects, structural and context-sensitive authorisations
• Making structural authorisations more dynamic
• Using a custom authorisations object
• Using BAdIs: (almost) everything is possible
• Striking the right balance: keep customization to a minimum
• Wrap-up

A Quick Run Through Primary School
Authorisation Objects
• Are a set of fields to describe user rights for certain data or activities
• SAP standard coding checks these objects to control user rights
Authorisations
• Are objects “filled in” to describe the rights of a certain user or group
Roles
• Are sets of authorisations to represent a task or group of tasks
• Are assigned to users directly or through composite roles

Standard Options for HR Authorisations
Basic HR authorisations
• Personnel master data and time data infotypes
• Infotypes of HR planning and development
Structural authorisations
• Controlling access along organisational structure
• Other structures of personnel planning and development, such as the training catalogue
• For personnel planning and development and also for personnel master data, if activated
Context-sensitive authorisations
• Linking the two concepts above, so structural authorisations can be used in a more differentiated way

Further Authorisations Relevant to HR
• More authorisation objects can be relevant, but are not analysed in this session
  - Non-HR authorisations
  - Authorisation objects for specific HR processes
  - Authorisation objects for specific countries

Enhancement Options
Dynamic start object
• For structural authorisations, function modules can be used to decide at which point in the structure to start
Custom authorisation object
• For HR, a custom object is available that can be generated or filled with bespoke coding
BAdIs
• Available for basic objects, as well as for structural and context-sensitive authorisations

Before You Start with Custom Programming …
• Make sure you understand what’s available in SAP standard
• Ask “Why do we need this” and consider process changes

The Mother of All HR Authorisation Objects
• Authorisation Object P_ORGIN
  - Most widely used object to control access to employee data
  - Note: Cost Centre or Personnel Subarea not available
[Figure callouts: What can you do? For which set of data? For which employees?]

Using Organisational Key as a Wildcard
• Before building a custom authorisation object, if you are missing a field in P_ORGIN, make full use of the organisational key!
  - SAP leaves this field free to use for whatever purpose a customer wants to use it for
  - You can configure this field to be:
    - Free to change (from a drop-down list or free text)
    - Free to change with a default value
    - Default value not changeable
• Default values can be:
  - Built from other fields in Infotype 0001
    - E.g., cost centre or personnel subarea
  - Set in Master Data BAdI HRPAD00_INFTY

  • 12. 11 Access Per Administrator: P_ORGXX • Object P_ORGXX answers the question “which employees” are using the administrator fields from Infotype 0001  Convenient solution if you use these fields  However, consider substitution issues!  If you don’t use these fields in your process, you could use them as extra wild cards via BAdI HRPAD00_INFTY For which employees?
  • 13. 12 Access to Your Own Data: P_PERNR • Object P_PERNR controls how users can access their own data • Field “interpretation of assigned personnel number” is confusing for some administrators:  I: user gets extra right for her own data beyond P_ORGIN/ P_ORGXX (usually for ESS)  E: access to user’s own data is restricted (e.g., HR staff not allowed to change their own salary)  Think of this being two separate authorisation objects Assigned via infotype 0105, subtype 0001
  • 14. 13 Which of the Three Objects Are Used for Master Data? • Entries in T77S0 (see above) decide which objects are active • All active objects are checked sequentially - E.g., if a user does have access to a certain record through P_ORGIN, but not through P_ORGXX (both being active), then access is rejected - P_PERNR can then add rights for the user’s own data or take them away - It can never affect access to data other than the user’s own records
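The check sequence from the slide above, as an added example that is not part of the original deck and is not SAP code. It is a simplified Python model; the switch names ORGIN, ORGXX and PERNR, the personnel numbers and the sample users are assumptions made for the illustration.

```python
# Simplified model of the check sequence described above; not SAP code.
from dataclasses import dataclass, field


@dataclass
class User:
    own_pernr: str                              # linked via IT0105, subtype 0001
    orgin: set = field(default_factory=set)     # (pernr, infotype, level) via P_ORGIN
    orgxx: set = field(default_factory=set)     # (pernr, infotype, level) via P_ORGXX
    pernr_i: set = field(default_factory=set)   # (infotype, level), interpretation I
    pernr_e: set = field(default_factory=set)   # (infotype, level), interpretation E


def check(user, switches, pernr, infotype, level):
    """Return True if the request passes every active object."""
    request = (pernr, infotype, level)
    # Active general objects are checked one after the other; one miss rejects.
    general = True
    if switches.get("ORGIN"):
        general = general and request in user.orgin
    if switches.get("ORGXX"):
        general = general and request in user.orgxx
    # P_PERNR only ever applies to the user's own personnel number.
    if switches.get("PERNR") and pernr == user.own_pernr:
        if (infotype, level) in user.pernr_e:
            return False        # E: takes a right away for own data
        if (infotype, level) in user.pernr_i:
            return True         # I: adds a right for own data (typical for ESS)
    return general


# Constructed sample users (assumed personnel numbers 1000, 2000, 3000).
HR_ADMIN = User(
    own_pernr="1000",
    orgin={("1000", "0008", "W"), ("2000", "0008", "W")},
    pernr_e={("0008", "W")},    # must not change own salary
)
ESS_USER = User(own_pernr="3000", pernr_i={("0002", "R")})


def scenarios():
    """Evaluate the sample requests and return the decisions by name."""
    sw = {"ORGIN": True, "ORGXX": False, "PERNR": True}
    both = {"ORGIN": True, "ORGXX": True, "PERNR": True}
    return {
        "admin_changes_other_salary": check(HR_ADMIN, sw, "2000", "0008", "W"),
        "admin_changes_own_salary": check(HR_ADMIN, sw, "1000", "0008", "W"),
        "ess_reads_own_data": check(ESS_USER, sw, "3000", "0002", "R"),
        "ess_reads_other_data": check(ESS_USER, sw, "2000", "0002", "R"),
        "admin_with_orgxx_active": check(HR_ADMIN, both, "2000", "0008", "W"),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name}: {'allowed' if decision else 'rejected'}")
```

The last scenario shows the rollout risk: switching on a second object that is missing from the roles rejects requests that passed before.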
  • 15. 14 Considerations for Basic Authorisation Objects • No field-level controls: infotype and subtype are not always the right level, e.g., NI number in IT0002 is critical; sometimes controls based on amounts (e.g., one-off payments) are required • No link to organisational structure: dealt with by context-sensitive authorisation • No link to transaction or other context data: it is often required for certain infotypes to be accessible in one transaction or report, but not another
  • 16. 15 How Object P_ABAP Can Help in Reporting • P_ABAP deactivates HR authorisation check (COARS = 2) but doesn’t replace the basic authorisation to start a report! • Often difficult to provide access to non-critical reports (e.g., phone list) • Tip (recommendation): 1 role with non-critical reports for all users
  • 17. 16 Workaround for the Amount Problem • Problem - A user is allowed to capture a certain wage type (e.g., “medical expenses”) in Infotype 2010, but only up to EUR 100 - Infotype and wage type (= subtype) can be controlled by object P_ORGIN or P_ORGXX, but not the amount - This would require custom programming (discussed further down) • Workaround - Create two different wage types: one without limit, one with a limit of EUR 100 set in configuration view V_T511 - Assign the two wage types through P_ORGIN or P_ORGXX using the subtype field accordingly
  • 18. 17 Personnel Planning and Development: PLOG • Object PLOG controls access to PD data per - Object type (organisational unit, job, qualification, …) - Infotype and subtype - Activity (function code), such as view, change, … • PLOG can control access per plan variant, so “secret” planning scenarios can be protected. If you use only one, still use the restriction so you don’t have to change all roles if the requirement for a sandbox plan comes up (it often happens with very little advance warning).
  • 19. 18 Understanding Object PLOG • Unlike the objects for personnel master data, PLOG has no option to restrict certain organisational units - This is due to the nature of the data, which can be jobs, as well as courses, etc. - The only way to restrict access to parts of the organisational structure is structural authorisation • The function code controls: - “Standard” activities, like display and change - Bespoke activities for certain processes, like approvals or career simulation • Subtype field for Infotype 1001 (Relationships) - In IT1001, the subtype field represents the relationship type - Making good use of this allows very detailed controls
  • 20. 19 Detailed Controls Using Relationship Types • If your authorisations on personnel planning and development are quite differentiated, picking the right relationship types can be challenging and require dozens of authorisations of PLOG - Whenever possible, keep it simple - You need to understand the data structure very well - Don’t forget most relationships exist in two directions (“A” and “B”) • This example would allow a user to assign instructors and organisers to a course/event, but not to book delegates. Prerequisite: access to instructors and organisers
  • 21. 20 Considerations for Authorisation Object PLOG • No field-level controls: similar to problem with PA-infotypes, but not required very often • No organisational view: access rights are always for all objects of a particular type; organisational view is checked separately by structural authorisation; link between PLOG and structural authorisation requires context-sensitive authorisation, which is not yet available for PLOG • No link to transaction or other context data: it is often required for certain infotypes to be accessible in one transaction or report, but not another. This is even more common here than in PA. In a few cases, the bespoke function codes mentioned earlier can cover this aspect
  • 22. 21 Structural Authorisation • Access to a section of a structure - E.g., org unit with all subordinate units, positions, and people • Structural profile - One or several such sections - Using evaluation paths - Defined in table T77PR • Profiles are assigned to users - In table T77UA • Access to data is defined in “normal” authorisation objects - No link! • (Figure: organisational units, positions and persons; the user has access to these persons’ data)
  • 23. 22 Example: Two Structural Profiles for One User • Structural profile “Time manager”: Glenn is responsible for time management. He may maintain time data for the sales team. • Structural profile “My team”: Glenn is also a leader of his team and may read all their master data
  • 24. 23 Merging Two Structural Profiles Goes Wrong • Maintain time data + Read master data • The sales team + His own team • Because there is no link between the authorisations and the structural profiles, both rights apply to both teams
  • 25. 24 Context-Sensitive Authorisation Gets It Right • Context 1, structural profile “Time manager”: Glenn is responsible for time management. He may maintain time data for a special unit. • Context 2, structural profile “own team”: Glenn is also a leader of his team and may read master data
  • 26. 25 Context Authorisation in Object P_ORGINCON • The new field PROFL represents a structural profile - Data and actions specified can be accessed only for employees accessible via this structural profile - This is the hitherto missing link between structural authorisation and “normal” authorisation objects • Figure callouts on the P_ORGINCON fields: What can you do? For which set of data? For which employees?
  • 27. 26 Options in Context-Sensitive Authorisation • It can be used in two standard objects: - P_ORGINCON, replacing P_ORGIN - P_ORGXXCON, replacing P_ORGXX • They are activated in T77S0 - Switches INCON and XXCON, respectively - Switch DFCON must also be set to activate context solution • There is no context solution for PD-Data - Authorisation object PLOG_CON exists, but is currently not working (SAP is aware it is not working)
  • 28. 27 So, Why Custom Programming? • Some structural gaps in standard authorisations • Only partially rectified by context solution • Custom coding can close gaps and streamline processes, if used with consideration
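The Glenn example from the preceding slides, as an added Python model that is not part of the original deck and is not SAP code. It lists exactly which requests the merged setup grants that the context-sensitive setup (field PROFL) rejects; the profile names, person names and the use of infotypes 2006 and 0002 as samples are assumptions.

```python
# Simplified model of merged vs. context-sensitive checks; not SAP code.
from dataclasses import dataclass
from itertools import product
from typing import Optional

# Constructed sample data: persons reachable through each structural profile.
STRUCTURE = {
    "TIME_MGR": {"sales_anna", "sales_ben"},   # the sales team
    "MY_TEAM": {"team_cara", "team_dev"},      # Glenn's own team
}
TIME_DATA, MASTER_DATA = "2006", "0002"        # sample infotypes


@dataclass(frozen=True)
class Auth:
    level: str                    # "R" = read, "W" = write
    infotype: str
    profl: Optional[str] = None   # PROFL field, only set in the context variant


def allowed_merged(auths, profiles, level, infotype, person):
    """No context: the authorisation object and the structural check are
    evaluated independently, so any authorisation pairs with any profile."""
    has_auth = any(a.level == level and a.infotype == infotype for a in auths)
    in_structure = any(person in STRUCTURE[p] for p in profiles)
    return has_auth and in_structure


def allowed_context(auths, level, infotype, person):
    """Context-sensitive: an authorisation only counts for persons reachable
    through the structural profile named in its own PROFL field."""
    return any(
        a.level == level and a.infotype == infotype
        and a.profl is not None and person in STRUCTURE[a.profl]
        for a in auths
    )


# Glenn's authorisations in both variants (constructed).
MERGED = [Auth("W", TIME_DATA), Auth("R", MASTER_DATA)]
CONTEXT = [Auth("W", TIME_DATA, "TIME_MGR"), Auth("R", MASTER_DATA, "MY_TEAM")]


def over_grants():
    """Requests the merged setup allows but the context setup rejects."""
    persons = sorted(set().union(*STRUCTURE.values()))
    return sorted(
        (lvl, it, p)
        for lvl, it, p in product("RW", (TIME_DATA, MASTER_DATA), persons)
        if allowed_merged(MERGED, STRUCTURE.keys(), lvl, it, p)
        and not allowed_context(CONTEXT, lvl, it, p)
    )


if __name__ == "__main__":
    for lvl, it, person in over_grants():
        print(f"over-grant: level {lvl} on infotype {it} for {person}")
```

Running the same comparison over real role and profile assignments is a quick way to size the excess access before switching to the context objects.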
  • 30. 29 Structural Authorisation: Example • Rather than creating a profile with an explicit start object for each section of the org structure, the start object can be determined dynamically • (Figure: the user is linked to a person and position; a relationship, e.g., “is line manager of”, leads to the organisational unit, and the user has access to the data of the people in the units, positions and persons below it)
  • 31. 30 Dynamic Start Object Using Function Module • Standard function module RH_GET_ORG_ASSIGNMENT dynamically identifies the assigned org unit • (Figure: User → Person via IT 0105; Person → Position via “Holder”; Position → Org unit via “Belongs to”; evaluation path ORGASS)
  • 32. 31 More Flexibility with Custom Function Modules • Many users stop at standard options: - User is line manager of: function module RH_GET_MANAGER_ASSIGNMENT - User is staff member of: function module RH_GET_ORG_ASSIGNMENT • Real life requirements are more diverse → custom function modules: - PAs capturing data for managers or whole teams - Managers not having access more than two levels down (“grandfather principle”) - Other roles, like resource planners, event managers, … • You can achieve much with little custom programming: - … and a good deal of analysis and conceptual thinking - This is arguably the least intrusive way of enhancing
  • 33. 32 It Can Be That Easy … Copy function module and replace standard with your own evaluation path: ... or as complex as you want it to be
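How a dynamic start object and a depth limit interact, as an added Python model that is not part of the original deck and is not SAP code. The two paths mirror what the slides attribute to RH_GET_ORG_ASSIGNMENT and RH_GET_MANAGER_ASSIGNMENT; the relationship names, object keys and the `max_levels` parameter are assumptions for the illustration.

```python
# Simplified model of a dynamic start object; not SAP code.
from collections import deque

# Constructed sample structure: (source, relationship, target).
RELATIONS = [
    ("US:GLENN", "it0105", "P:100"),             # user -> person
    ("P:100", "holder", "S:10"),                 # person holds position
    ("S:10", "belongs_to", "O:HQ"),              # position belongs to org unit
    ("S:10", "manages", "O:SALES"),              # position is line manager of unit
    ("O:SALES", "sub_unit", "O:SALES_N"),
    ("O:SALES_N", "sub_unit", "O:SALES_N1"),
    ("O:SALES_N1", "sub_unit", "O:SALES_N1A"),
    ("O:HQ", "member", "P:100"),
    ("O:SALES", "member", "P:201"),
    ("O:SALES_N", "member", "P:202"),
    ("O:SALES_N1", "member", "P:203"),
    ("O:SALES_N1A", "member", "P:204"),
]

# Hypothetical evaluation paths that determine the start object.
ORG_ASSIGNMENT = ["it0105", "holder", "belongs_to"]
MANAGER_ASSIGNMENT = ["it0105", "holder", "manages"]


def targets(source, relationship):
    """All objects linked to source through the given relationship."""
    return [t for s, r, t in RELATIONS if s == source and r == relationship]


def start_objects(user, path):
    """Follow the path from the user; the objects reached last are the
    start objects. A user with no matching link gets an empty list."""
    current = [user]
    for relationship in path:
        current = [t for obj in current for t in targets(obj, relationship)]
    return current


def accessible_persons(user, path, max_levels=None):
    """Persons below the dynamically determined start objects.
    max_levels limits how many sub-unit levels are followed (None = all)."""
    persons, seen = set(), set()
    queue = deque((unit, 0) for unit in start_objects(user, path))
    while queue:
        unit, depth = queue.popleft()
        if unit in seen:
            continue
        seen.add(unit)
        persons.update(targets(unit, "member"))
        if max_levels is None or depth < max_levels:
            queue.extend((sub, depth + 1) for sub in targets(unit, "sub_unit"))
    return persons


if __name__ == "__main__":
    print(sorted(accessible_persons("US:GLENN", MANAGER_ASSIGNMENT)))
    print(sorted(accessible_persons("US:GLENN", MANAGER_ASSIGNMENT, max_levels=2)))
```

A user for whom the path resolves to nothing ends up with no start object and therefore no access, which is the fail-closed behaviour to verify when testing a custom function module.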
  • 35. 34 How to Use the Custom HR Authorisation Object • You can create as many custom objects as you like - However, they would not be checked in any standard transactions and would, therefore, be useless except when used in custom coding • The special concept of P_NNNNN in HR allows you to create one custom object, which is integrated in all relevant standard transactions - The standard process allows you to choose fields from Infotype 0001, plus some obligatory fields, e.g., cost centre or supervisor - You can also add custom coding, e.g., to make it dynamic
  • 36. 35 Step-by-Step Guide to P_NNNNN • Create P_NNNNN: the real name would usually be different, starting with “Z”; P_NNNNN is merely a placeholder for your own name; choose fields from Infotype 0001 • Integrate P_NNNNN in standard authorisation check: code generation with report RPUACG00 • Amend coding, if required. Note: your amendments will be lost if code generation is repeated • Activate P_NNNNN: switch in table T77S0
  • 37. 36 Step 1: Create New Object • Transaction SU21 → button “create” → “Authorisation Object” • Fill in name and choose fields (the screenshot marks the mandatory fields) • Save new object • Generate SAP_ALL to include the new object
  • 38. 37 Step 2: Generate Coding • Report RPUACG00 - Decide whether the object should be context-sensitive - Password = your user name • Note: although this is not a modification, you’ll be asked to enter an object key
  • 39. 38 Step 3: Amend Coding • You can skip this step - Then the object will just check the fields you included in the same way P_ORGIN checks employee group, subgroup, … • Or you can add extra logic in program MPPAUTZZ, e.g.: - Make the cost centre check dynamic, so the system is not granting access to a fixed cost centre, but to the cost centre assigned to the user - Perform a check depending on the transaction code (this would allow you to get around one of the major considerations of standard authorisations) - Consider a custom table with FLAs*, so that the right to capture IT0015 depends on the amount • * FLA = financial authority limit
  • 40. 39 Step 4: Activate Check • Activation in T77S0 in the same way as standard objects are activated - Before the activation, you should make sure it is included in all relevant roles; otherwise, users will be completely blocked • You may also want to amend the profile generator to include the new object in its suggestions
  • 42. 41 BAdIs Overview • The most widely used BAdIs are: - HRBAS00_GET_PROFL: dynamic assignment of structural profiles in the context solution - HRBAS00_STRUAUTH: changing structural authorisation - HRPAD00AUTH_CHECK: replacing general HR master data check - HRBAS00_RHBAUS00: amending the report for buffering objects in structural authorisation - HRPAD00CHECK_TIME: amending HR authorisations time logic - Further BAdIs for particular processes, such as: access to cost plans; Travel and Expense management; appraisals
  • 43. 42 Automatically Assigning Structural Profiles • If maintenance of table T77UA takes too much effort or doesn’t fulfill the requirements: assignment of structural profiles either from the field PROFL or following your own logic via BAdI HRBAS00_GET_PROFL • Tip: no need to maintain table T77UA. Dynamic assignment of structural profiles.
  • 44. 43 Changing Structural Authorisations • BAdI HRBAS00_STRUAUTH has six methods which can be used independently or in combination with each other • The most popular ones are: - Check_Authority_View: you can determine freely whether the user should have access to a certain object - Check_Auth_Plan1: same, but for employees rather than other objects - Check_Authority_Search: allows different access to objects for users in a search function
  • 45. 44 Business Examples • Opening up search functions: some users may not have any access to data of organisational units, but should see them in a search function to perform a structural search. Method Check_Authority_Search can do this. • Booking employees on courses: PAs may not have any access to the object type E (event), but should still be allowed to book employees on courses. This can be done in method Check_Authority_View. • Access to external courses only: you can also use method Check_Authority_View to allow a user access to external courses only. The flag external/internal is not used by standard authorisations, so you need the BAdI to differentiate.
  • 46. 45 The Most Powerful of Authorisation BAdIs • BAdI HRPAD00AUTH_CHECK is very powerful, as well as dangerous • It can completely change the behaviour of standard PA authorisation checks. So, in theory, you can implement any authorisation process you want. • As soon as the BAdI is activated without any coding changes, no user will be able to access any HR master data • You need to implement all methods, even if you need only one of them for your purpose • It is recommended to use other tools for smaller amendments, whenever possible • If you have various bespoke requirements, this is the right tool
  • 47. 46 What Are All Those Methods For? • This BAdI has 13 methods, which makes it difficult to understand - Most of them are meant to improve the performance of standard authorisation checks - In almost all cases, the method required for custom checks is CHECK_AUTHORIZATION • However, when the BAdI is switched on, it is completely replacing standard authorisation checks for PA data - Therefore, it is not enough to implement the one method only - You’d usually want all other methods to work as they would in SAP standard, so you need to implement them accordingly
  • 48. 47 Keeping Standard Checks Where Still Needed • Create a BAdI implementation: just the normal implementation steps for BAdI HRPAD00AUTH_CHECK • Make standard checks available: create method, e.g., “CHECK_CHECKER” as shown on next slide • Implement standard checks: call standard method in all method implementations; the example on next slide shows this for method CHECK_MAX_INFTY_AUTHORIZATION, others are to be done accordingly • Make custom amendments: now add your custom coding, usually in method CHECK_AUTHORIZATION
  • 49. 48 Sample Coding
      " Method CHECK_CHECKER: instantiate the standard check class
      CREATE OBJECT checker TYPE cl_hrpad00auth_check_std.

      " Method DELAYED_CONSTRUCTOR
      CALL METHOD check_checker
        EXPORTING
          context = context
          repid   = repid.

      " Method CHECK_MAX_INFTY_AUTHORIZATION: delegate to the standard check
      CALL METHOD check_checker.
      CALL METHOD checker->check_max_infty_authorization " change accordingly for other methods
        EXPORTING
          level          = level
          tclas          = tclas
          infty          = infty
        IMPORTING
          is_authorized  = is_authorized
        EXCEPTIONS
          invalid        = 1
          internal_error = 2
          OTHERS         = 3.
  • 50. 49 Business Examples • Transaction sensitivity: depending on config, time evaluation may require display rights for IT0008. The user running time needs this, but is not allowed to see IT0008 directly. Many reports require some data from IT0002 or IT0032, but users running these reports should not see national insurance numbers or company car data. So, they get access to these infotypes only in the context of these reports. • Exclude some data from own manager: PAs have access to staff in their department for info purposes, but they are not allowed to see salary data for their own boss • Dynamic time sensitivity: some users are allowed to change infotype 2006 max for one month into past. The BAdI allows this without using IT0130 and constantly updating it.
  • 51. 50 Typical Problems with This BAdI • Transparency: as checks are hard coded rather than visible in roles, it is difficult to see who’s got which rights. Tip: using custom authorisation objects and checking them in this BAdI improves transparency a lot • Interdependencies of the many methods: whilst you often focus on one single method, it can become very complex to manage the interdependencies of all methods in this BAdI • Anything goes attitude: because it is so powerful, business users may get used to getting each and every exception implemented. Eventually, this will lead to an unmanageable level of complexity.
  • 53. 52 Authorisations in Custom Development • Sometimes you require a deviation from standard authorisation checks only in the context of a custom development - In this case, it may be easier to add coding for bespoke authorisation checks into the custom program - This avoids side effects you may have by using the BAdIs - Consider a custom authorisation object (not P_NNNNN) - Always remember that access to data is not checked by the database, but in each program - Custom coding can, therefore, easily get around authorisations - Using logical databases makes it easier for developers to make sure authorisations are checked, but they can still ignore them, if they want to
  • 54. 53 Balancing It Out • Pro custom coding: business requirements followed very closely; can reduce number of roles considerably; may improve system performance; some processes may just not work otherwise • Contra custom coding: upfront cost for implementation and test; test effort for changes; risk of side effects and sceptical auditors; long-term complexity trap
  • 55. 54 Make the Substitution Test • Requirements for more and more exceptions to be programmed in authorisation checks can become overwhelming • Apart from the usual discussion of cost vs. benefit, there is one test we recommend to do with the business every time: if we implement this bespoke, very strict authorisation check, would a substitute still be able to perform this user’s task when he or she is off sick? • Note that handing over your password is considered a severe breach of security guidelines.
  • 57. 56 Where to Find More Information • Eric Wood, “How to Use Structural Authorizations for Effective HR Strategy and Security” (HR Expert, February 2013). • Anja Junold and Martin Esch, Authorizations in SAP ERP HCM – Design, Implementation, and Operation (SAP PRESS, 2008). - A new edition is available in German • www.iprocon.com/nl-en - iProCon Newsletter on SAP HCM with several authorisations experts as regular contributors - German version available: www.iprocon.de/newsletter • http://help.sap.com/saphelp_470/helpdata/en/e0/bdb83b5b831f3be10000000a114084/content.htm - Simple examples for BAdI HRPAD00AUTH_CHECK
  • 58. 57 7 Key Points to Take Home • SAP standard authorisation checks happen primarily on infotype/ subtype and object level depending on organisational criteria • Assigning rights on field-level or based on data content (e.g., amount limits) or transactional context requires custom solutions • Custom solutions can reduce the number of roles and profiles • The custom object P_NNNNN can be generated or amended with custom coding for more complex logic • BAdI HRPAD00AUTH_CHECK is very powerful, but difficult to handle. For small amendments, try to use other tools. • Custom programs have to take care of their own authorisation checks – ideally referring to standard checks and making use of logical databases • It is important to strike the right balance; otherwise, complexity can keep growing until it becomes almost impossible to make further changes without unwanted side effects
  • 59. 58 Your Turn! How to contact me: Sven Ringling s.ringling@iprocon.com @svenringling Please remember to complete your session evaluation