This website is not affiliated with, sponsored by, or approved by SAP AG.

Context sensitive solution

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Context sensitive solution

Postby KEVM » Thu Sep 08, 2011 6:44 am

I have a business requirement that and I am checking to see if Context sensitive Structural auth can be used as a possible solution.

A Team Lead sitting in an Org Unit in the USA or any other country should be able to:
1. Contact all her employees or specific employees in Denmark
2. Contact all employees or specific employees from Denmark or in another country

Question: Can the above be resolved using Context Sensitive Structural Authorization? If so, how?
Posts: 70
Joined: Thu May 17, 2007 11:46 am

Re: Context sensitive solution

Postby os » Thu Sep 08, 2011 12:39 pm

What have you tried so far?
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am

Re: Context sensitive solution

Postby Count » Thu Sep 08, 2011 2:08 pm

there is no such thing as a simple yes or no answer in hr related security in sap especialy with structural and context stuff thrown in.
so the answer to your question could potentially be a yes and no... let m give you a few hypothetical scenarios:
1. how is the overall org str built? does denmark sit below the usa org unit stright down or samewhere in a diferent offshoot altogether?
2. is the area-of-responsibility determined dynamically or is it by way of obj ids?
3. how many different business roles do ou have ?
4. do you need context sensitive authorisations at all? what makes you think this is the way forward for your requirement?
5. how is the reporting structure maintained between managers and those who report to them? 002 relationship?
the long and the short of it is... your questions is not specific so you cannot get a specific answer. I would understand the bsiness requirement first ans not go into the solution mode at all until all requirements are clear.
I have also seen this question in sdn so go award all the points to me there :roll: :mrgreen: :wink:
another very clever solution I have seen in the past is,. usage of context sensitive roles only and asignment of the same to users directly instead of via the org structure (there by eliminating the need for structural auths) ....

one more solution that works like a charm is --> assuming you have a/b002 reporting relationships--> go for dynamic determination of area of responsibility in a structural role by way of a z-function module that depends on this a/b-002 relationshp to determine if a manager is allowed to info of an employee or not at run time.


cognosce te ipsum, corripe cervisiam ;)

Posts: 1373
Joined: Thu Feb 15, 2007 6:28 am

Return to SAP Security

Who is online

Users browsing this forum: No registered users and 2 guests


This website is not affiliated with, sponsored by, or approved by SAP AG.