Sunday 14 April 2013

Authorization in SAP HR

Q. What is double verification principle ?
  • All critical data is protected
  • Authorization to access specific data has to be given
Q. Authorization in SAP?
A. Authorizations control system users’ access to system data and are therefore a fundamental prerequisite for the implementation of business software. There are two main ways to set up authorizations for SAP Human Resources:
  • General Authorizations - determines which object data (infotype, subtype) and which access mode (Read, Write ...) the user has an access.
    • Single Role       - Individual authorizations either  to screens, infotypes, etc.,
    • Composite Role- Group of Single Roles clubbed together and called as composite role
  • Structural Authorization: determines to which object/objects in the organizational structure the user has an access. It describes the special authorizations that you can define in Personnel Planning and Development in addition to the basic access authorizations
Q. What is a role and what is it made up of? / How are the authorizations in a role maintained?
A. Role is the way how authorizations are granted in SAP or the activities which are performed by an individual are restricted. A role consists of all the duties performed by an individual in the organization. For e.g., the clerk or the manager or buyer or dispatcher etc.. Two managers of same cadre have same type of duties. Technically a role contains all the items(transactions or tcodes, reports, links) which are needed by an individual in particular position.

In a  role-based authorization system the structure of organization is well defined, the activities performed by each individual are defined clearly and the users are assigned to generic roles (technical)  which contains tcodes necessary for performing the job. There are three types of roles.
  • Single roles
  • Composite roles
  • Derived roles
Q. Composite Role
A. A composite role has many single roles. No authorization data can be maintained in a composite role.  You can enter some menu entries like links to websites, reports only. Tcodes cannot be added. The authorization data has to be maintained only in the single roles.

When you attach a composite roles to a user all the single roles gets attached to him. In the change documents it shows the single profiles that belongs to single roles gets attached to them. Suppose a composite role has 3 single roles. When you attach this composite role to a user then 3 authorizations profiles will get attached to him. The change count  in SUIM will be 3.

Q. Derived Role
A. These roles are derived from already existing roles.The derived roles inherit the menu structure and functions (including transactions etc…) of the referred role.

Q. What is Profile Generator?
A. The Profile Generator tool allows authorization administrators to automatically generate and assign authorization profiles. 

Q. What are the main advantages of the Profile Generator?
A. The Profile Generator tool is used to:
  • Select transactions from the company menu
  • Retrieve all authorization objects to transactions selected (Via Check ID Tables)
  • Generate authorizations once field restrictions have been entered for each authorization object
  • Group authorizations in auto-generated profiles
The administrator has only to configure customer-specific settings such as:
  • The Company Menu enables transactions available for customer
  • The Check ID tables 1) assign the authorization objects that are relevant to a transaction, and 2) assign default values for authorization objects
  • Once the configuration is complete, the profile generator will then be capable of managing all tasks, such as selecting the relevant authorization objects for transactions selected.
Q. Are authorization objects or profiles assigned to users?
A. A user's authorizations for the various objects in the SAP R/3 System are determined by authorization
profiles that are assigned in the user master record.

An authorization object is made up of a maximum of 10 authorization fields. For the sake of clarity, the authorization objects are grouped according to applications. 

Authorization profiles are lists of authorization objects and the corresponding authorizations.

16 comments:

  1. great information. very useful post thank you

    ReplyDelete
  2. such a great information shared by you really nice

    ReplyDelete
  3. It is really a great and useful piece of info. I’m glad that you shared this helpful info with us. Please keep us informed like this. Thank you for sharing.

    Hr Consultancy in Chennai

    ReplyDelete
  4. Hello, am Joshua. 2017 was a year I did something that changed my life for the better financially. Two months into 2017, I lost most of my assets due to a fire outbreak in my store, and as a result I was all out in debt. I needed up to 20000$ to get back up, getting a loan was outta my options I already borrowed too much from my bank and two loan companies.

    I was devastated when a friend gave me an email to contact saying they could help me with the amount I needed, they were hackers. At first, I ignored because I've all about these people before, and I didn't wanna be scammed, but there was no one I could turn to, so I sent an email. They replied and gave me the available packages, I told them I needed 20000$, they told me sincerely that the plan wasn't available until the following weekend, so I had to wait. Finally! It was available, but they said I had to pay for the services first, Damn! I got trust issues. There was no way I was sending an amount for something I wasn't sure of, so I passed. Two days later when I saw my status, I had to run back to them. I told them I wanted to try out first with the lowest amount, I paid them 200$ for 2500$, and within 3hours, I was at the western union cashing out. Seriously! I was shook!

    Then I went ahead and ordered for the 20000$ and paid them the fee they requested, the next day, I was cashing out multiple times because y'all know there was a limited amount you could cash out at a time. Ever since, I been doing business with them, and not a moment since then have I regretted it. I feel good y'all. You wanna get money too, email them now at; checkmatehackers@gmail.com.

    You gon be glad you did. AdiĆ³s people and GOODLUCK.

    ReplyDelete

  5. thanks for provide a lot of information about SAP HR solutions
    sap HR Training in chennai

    ReplyDelete
  6. Thank you for your post which is very informative. Those who want to get SAP Module training in Chennai, CODEDION TECHNOLOGIES are the best SAP training company with Online and Class Room SAP course with 100% hands-on practice in live project provided by MNC real-time certified SAP Trainers
    Visit our site: https://www.codedion.com/solutions/

    ReplyDelete
  7. GET THE BLANK ATM CARD AND BECOME RICH
    Hackers with the above email (martinshackers22@gmail.com) its at it again! Cool way to have financial freedom !!! Are you tired of living a poor life, here is the opportunity you have been waiting for. Get the new ATM BLANK CARD that can hack any ATM MACHINE and withdraw money from any account. You do not require anybody's account number before you can use it. Although you and I know that its illegal, there is no risk in using it. It has SPECIAL FEATURES that makes the machine unable to detect this very card, and its transaction is not be traced .You can use it anywhere in the world. With this card, you can withdraw the sum of $ 5,000 a day. So to get the card, reach the hackers via email address: martinshackers22@gmail.com..please don't contact him if you are not serious minded ....
    CONTACT: MR MARTINS at martinshackers22@gmail.com OR whatsApp him on +905525870924 TO GET YOURS NOW…

    ReplyDelete