Question:
Hi
I am responsible for the authorization in a big retail company where SAP is being implemented. I have only worked in authorisation for 2 months (never worked in SAP before), so please forgive me if I ask ridiculous questions.
At the moment we are starting to build our HR roles. I have noticed that some of the HR roles do not have company code when I create them - is company code not a standard in SAP HR? So now we have to find another way to add company codes to the authorisations.
I know about the organizational key but it is going to be used for the cost center (10 characters) and our PA subarea (4 characters).
Any suggestions?
Thanks
Answer:
Company code is a standard data element of the HR record populated from the user's position in the HR structure. It however is NOT a control attribute (unless you configure HR to populate the ORGKEY field used in P_ORGIN to house the company code) used by standard SAP HR control. P_ORGIN is considered the main control authorization for HR. You can override this by creating the user-defined object and have Co code as a control feature in the custom auth object (not recommended though). But then how do you control "people on loan to another company but still in the home company"?
Remember the ORG KEY in HR BELONGS TO SECURITY and should not be used to ease HR reporting. If you intervene soon enough you can have the org key created so it is useful in controlling HR records. Make sure you make it maskable with a trailing asterisk so you do not have to key each value.
Look at P_ORGIN and you may find PA subarea may be the same as employee subgroup. Also note that cost center data is not always correct in HR and the org key does not always get populated correctly with the various actions in HR. In addition, before you go down the "we can control on a very granular number" consider how many roles this will take to carve out a specific group of people when ONE self-determining PD profile using structural authorization will resolve your control.
Answer:
Thanks for replying.
We have decided to go with the organizational key. What do you mean by making it maskable?
Thanks
Answer:
Masking allows you to give access without having to type each value. In SAP security the asterisk is used as a wild card but must be placed at the end of the string. So *PA does NOT mean all values ending in PA but means literally '*PA', where PA* means all values starting with 'PA'.
So when you create your org key make sure it minimizes your work by placing the major key first. Do you want to give access primarily by Co code or by personnel subarea?
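The masking rule and the "major key first" advice above, as an added Python sketch that is not part of the original thread and is not SAP code: it models only the matching behaviour the answer describes. The 8-character org key layout (company code plus personnel subarea), the helper names and all values are constructed assumptions.

```python
# Added illustration: models only the masking rule described in the answer.
# Org key layouts and all values below are constructed, not from an SAP system.

def check_value(value):
    """Return a review finding for an authorization value, or None if well-formed."""
    star = value.find("*")
    if star != -1 and star != len(value) - 1:
        return f"{value!r}: asterisk is not the last character, so it is not a mask"
    return None

def matches(value, org_key):
    """Trailing asterisk = prefix match; any other value is compared literally
    (the behaviour stated in the answer)."""
    if value.endswith("*"):
        return org_key.startswith(value[:-1])
    return value == org_key

def minimal_values(org_keys, wanted, prefix_len):
    """Authorization values covering exactly `wanted`, using prefix masks where safe.

    A mask is used only if it matches no record outside `wanted`;
    otherwise the full key has to be entered literally."""
    values = set()
    for key in wanted:
        mask = key[:prefix_len] + "*"
        hits = {k for k in org_keys if matches(mask, k)}
        values.add(mask if hits <= wanted else key)
    return sorted(values)

# Constructed employees: (company code, personnel subarea)
EMPLOYEES = [("1000", "PA01"), ("1000", "PA02"), ("1000", "PB01"),
             ("2000", "PA01"), ("2000", "PB01")]

def build_keys(company_first):
    """Build org keys with either the company code or the subarea as major key."""
    return {(c + s) if company_first else (s + c) for c, s in EMPLOYEES}

def values_needed_for_company(company, company_first):
    """Values a role needs to grant exactly one company's records."""
    keys = build_keys(company_first)
    wanted = {k for k in keys if (k[:4] if company_first else k[4:]) == company}
    return minimal_values(keys, wanted, 4)

if __name__ == "__main__":
    print(values_needed_for_company("1000", True))    # company code first
    print(values_needed_for_company("1000", False))   # subarea first
    print(check_value("*PA"), check_value("PA*"))
```

With the subarea as major key, the one mask that survives in this model (`PA02*`) would also start matching company 2000 as soon as that company gets a PA02 record, which is the kind of drift a role review should look for.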
Answer:
We will be using company codes primarily.