Distributed maintenance for a responsibility role

Dart, Jocelyn jocelyn.dart at sap.com
Wed Dec 12 18:39:23 EST 2001 

Hi Felix,
Forget about the HR authorisation object.  You need HR structural
authorisations - this lets you restrict access down to the object id
level if you wish.
Look in the IMG (transaction SPRO) under Basis > Business Management >
Workflow > Authorisation Management.
Regards,
Jocelyn.
 
-----Original Message-----
From: Felix Hassine [mailto:Felix.Hassine at us.pm.com]
Sent: Thursday, 13 December 2001 10:32 AM
To: SAP-WUG at MITVMA.MIT.EDU
Subject: Re: Distributed maintenance for a responsibility role
 
 
Hi Jocelyn,
 
Thanks for your answer. I have turned to the HR authorization object and I
cannot find what I need. The only object checked by authority-check (version
46C) is PLOG.
Here are the 6 fields it has:
 
INFOTYPE        ISTAT           OTYPE           PLVAR           PPFCODE
SUBTYP
1001            1               AC              01              DISP
-
 
=> Enables to view AC roles, it is either all of then or nothing at all.
There is no way to filter (not that I see...am I wrong ?) on name or AC
number, etc.
 
INFOTYPE        ISTAT           OTYPE           PLVAR           PPFCODE
SUBTYP
1001            1               AC              01              AEND
-
 
==> Enables to modify (edit) AC roles, it is either all or none.
 
Jocelyn, did I miss something ?
 
Felix
 
> -----Original Message-----
>> From: Dart, Jocelyn [SMTP:jocelyn.dart at sap.com]
> Sent: Wednesday, December 12, 2001 5:20 PM
> To:   SAP-WUG at MITVMA.MIT.EDU
> Subject:      Re: Distributed maintenance for a responsibility role
>
> Hi Felix,
> You assessment of the authority-check object PLOG is correct.
> However you can also use HR structural authorisations to protect
> maintenance of responsibilities (code RY) and roles (code AC).
> HR structural authorisations should give you the level of control
> you require.
> Regards,
>         Jocelyn Dart
> Consultant (EBP, BBP, Ecommerce, Internet Transaction Server, Workflow)
> SAP Australia
> Email jocelyn.dart at sap.com <mailto:jocelyn.dart at sap.com>
> Tel: +61 412 390 267
> Fax: +61 2 9935 4880
>
>
> -----Original Message-----
>> From: Felix Hassine [mailto:Felix.Hassine at us.pm.com]
> Sent: Thursday, 13 December 2001 8:55 AM
> To: SAP-WUG at MITVMA.MIT.EDU
> Subject: Distributed maintenance for a responsibility role
>
>
> I have an issue to present to the group: I am working in a
> multi-company-code environment, where the maintenance of roles will be
> distributed into different countries and different teams.
>
> For several of workflows being developped here, I need to work with
> responsibility roles. The ideal implementation would be to create the
> responsibilities with a container containing the element "CompanyCode"
> among
> the others.
>
> Now here is are the issues:
>         1-I have had a look at the authorization object for editing std
> roles, and it seems no way to segregate on the role name. Am I correct ?
>
>         2- If I am wrong, I will need to create the roles in a way that
> helps me from segregate access to people from each company to maintain
> their
> own part.
> For example, if I give access to administrators of CCode 1000 to maintain
> role ZX, how can I ensure that they will only make changes in the
> responsiblities attached to that specific company code container value ?
>
> What alternative is there ? Did anyone experience this already ?
>
> Felix

More information about the SAP-WUG mailing list