Creating Overall Authorization Profiles

The following authorizations or restrictions apply to a user who has the overall profile shown in the figure titled Overall Authorization Profile:

The user has read authorization for positions S1 to SN in infotypes 1000 to 1010 (structural profile and profile 2 using PLOG).

The user is not authorized to access organizational units with this profile since the user has no corresponding PLOG authorization.

The user has read authorization for persons P1 to PN in infotypes 0000 to 0007 (structural profile and profile 1 using P_ORGIN). The period of responsibility for persons is also determined accordingly.

For the user to be able to access data on persons, you need to assign the user a corresponding PLOG authorization for persons. The infotype does not have to be specified (Profile 3 using PLOG).

The period check of the structural authorization takes place before the period check of the general authorization.

The period of responsibility of the structural authorization results from the last plan staffing period (relationship between S and P).

In this example, the structural authorization period is F (Future). Therefore, the period of responsibility starts at the system date and extends to the high date. There is no overlap between the plan staffing period and the structural authorization period. The period of responsibility is empty.

In the example the field ADAYS in group PLOGI of table T77S0 contains 30 (days). In this case the period of responsibility begins 30 days before the system date and overlaps with the plan staffing period.

The period of responsibility is then transferred to the general authorization and processed in the time logic.

The flowchart illustrates the process of an authorization process.