Outlining HCM Authorizations

You can simultaneously set up both general and structural authorization types to achieve a complex authorization concept.

The general authorization check in SAP ERP HCM controls access to HR infotypes and forms a part of the general SAP authorization check.

When you define an authorization, the system checks the user master record to determine whether the specified user has the corresponding authorization to access the specified fields.

You define authorizations for an authorization object by specifying values for the individual fields of the object. You can create any number of authorizations, each with different values and names, for an authorization object.

Authorizations are grouped together in an authorization profile.

A user’s authorizations are determined from the authorization profiles assigned to the user in the master data record for the various authorization objects in the system.

From a business point of view, the structural authorization check performs the same function as the general authorization check in SAP ERP HCM. Structural authorization controls access to data stored in time-dependent structures, such as organizational structures, course hierarchies, qualifications catalogs, and so on.

The flexibility of this concept ensures that the maintenance of structural authorizations is minimal, even if a change is made within the structure. This check ensures that users still have access only to those objects for which they are responsible.