Authorizations in SAP ERP HCM for S/4HANA
Course17
8 views
20 slides
May 15, 2025
Slide 1 of 20
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
About This Presentation
Discover the detailed use and application of authorization objects in SAP ERP HCM for S/4HANA. Learn to copy and edit sample roles, set up time-dependent authorizations, control access to schemas, and improve system performance for structural authorization profiles.
Slide Content
S4HR94
Authorizations in SAP ERP HCM for
S/4HANA
.
.
PARTICIPANT HANDBOOK
INSTRUCTOR-LED TRAINING
.
Course Version: 2412
Course Duration: 4 Days
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Authorizations in SAP ERP HCM for
S/4HANA
.
.
PARTICIPANT HANDBOOK
INSTRUCTOR-LED TRAINING
.
Course Version: 2412
Course Duration: 4 Days
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
SAP Copyrights, Trademarks and
Disclaimers
© 2025 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any
purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their
respective logos are trademarks or registered trademarks of SAP SE (or an SAP
affiliate company) in Germany and other countries. Please see https://
www.sap.com/corporate/en/legal/copyright.html for additional trademark
information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary
software components of other software vendors.
National product specifications may vary.
These materials may have been machine translated and may contain grammatical
errors or inaccuracies.
These materials are provided by SAP SE or an SAP affiliate company for
informational purposes only, without representation or warranty of any kind, and SAP
SE or its affiliated companies shall not be liable for errors or omissions with respect
to the materials. The only warranties for SAP SE or SAP affiliate company products
and services are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein should be
construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any
course of business outlined in this document or any related presentation, or to
develop or release any functionality mentioned therein. This document, or any related
presentation, and SAP SE’s or its affiliated companies’ strategy and possible future
developments, products, and/or platform directions and functionality are all subject
to change and may be changed by SAP SE or its affiliated companies at any time for
any reason without notice. The information in this document is not a commitment,
promise, or legal obligation to deliver any material, code, or functionality. All forward-
looking statements are subject to various risks and uncertainties that could cause
actual results to differ materially from expectations. Readers are cautioned not to
place undue reliance on these forward-looking statements, which speak only as of
their dates, and they should not be relied upon in making purchasing decisions.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Disclaimers
© 2025 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any
purpose without the express permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their
respective logos are trademarks or registered trademarks of SAP SE (or an SAP
affiliate company) in Germany and other countries. Please see https://
www.sap.com/corporate/en/legal/copyright.html for additional trademark
information and notices.
Some software products marketed by SAP SE and its distributors contain proprietary
software components of other software vendors.
National product specifications may vary.
These materials may have been machine translated and may contain grammatical
errors or inaccuracies.
These materials are provided by SAP SE or an SAP affiliate company for
informational purposes only, without representation or warranty of any kind, and SAP
SE or its affiliated companies shall not be liable for errors or omissions with respect
to the materials. The only warranties for SAP SE or SAP affiliate company products
and services are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein should be
construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any
course of business outlined in this document or any related presentation, or to
develop or release any functionality mentioned therein. This document, or any related
presentation, and SAP SE’s or its affiliated companies’ strategy and possible future
developments, products, and/or platform directions and functionality are all subject
to change and may be changed by SAP SE or its affiliated companies at any time for
any reason without notice. The information in this document is not a commitment,
promise, or legal obligation to deliver any material, code, or functionality. All forward-
looking statements are subject to various risks and uncertainties that could cause
actual results to differ materially from expectations. Readers are cautioned not to
place undue reliance on these forward-looking statements, which speak only as of
their dates, and they should not be relied upon in making purchasing decisions.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Typographic Conventions
American English is the standard used in this handbook.
The following typographic conventions are also used.
This information is displayed in the instructor’s presentation
Demonstration
Procedure
Warning or Caution
Hint
Related or Additional Information
Facilitated Discussion
User interface control
Example text
Window title
Example text
© Copyright. All rights reserved. iii
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
American English is the standard used in this handbook.
The following typographic conventions are also used.
This information is displayed in the instructor’s presentation
Demonstration
Procedure
Warning or Caution
Hint
Related or Additional Information
Facilitated Discussion
User interface control
Example text
Window title
Example text
© Copyright. All rights reserved. iii
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
iv © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Contents
vii Course Overview1 Unit 1: HCM Authorization Basics2 Lesson: Outlining HCM Authorizations7 Exercise 1: Create a Simple Role and a User19 Lesson: Creating User Master Records21 Lesson: Copying SAP-Delivered Roles25 Exercise 2: Copy a Role27 Exercise 3: Create a Simple Role and a User39 Unit 2: General Authorization Checks41 Lesson: Outlining HCM Authorization Checks51 Lesson: Setting Up an Authorization53 Exercise 4: Set Up Administrator Authorizations67 Lesson: Defining SAP E-Recruiting Authorization Objects79 Lesson: Defining Personnel Planning Authorization Objects81 Lesson: Defining Transaction Code Authorizations83 Lesson: Assigning HR Cluster Data Authorizations85 Exercise 5: Assign HR Cluster Data Authorizations91 Lesson: Defining Customer-Specific HR Authorization Objects93 Lesson: Setting Up Authorization Verification97 Exercise 6: Set Up a Double Verification for Administrators105 Unit 3: Indirect Role Assignment106 Lesson: Assigning Roles Indirectly115 Exercise 7: Compare User Authorization Assignments123 Unit 4: Period of Responsibility for Administrators125 Lesson: Determining the Period of Responsibility for Administrators132 Lesson: Outlining Time Logic for Data Access151 Exercise 8: Create Four HR Master Data Records155 Exercise 9: Perform Customizing of Time-Dependent Blocking
of Data
167 Unit 5: Payroll Authorization Objects169 Lesson: Defining Payroll Authorization Objects174 Lesson: Controlling Access to Schemas and Personnel Calculation
Rules
177 Exercise 10: Set Up an Authorization to Control Access to
Schemas and Personnel Calculation Rules
© Copyright. All rights reserved. v
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
vii Course Overview1 Unit 1: HCM Authorization Basics2 Lesson: Outlining HCM Authorizations7 Exercise 1: Create a Simple Role and a User19 Lesson: Creating User Master Records21 Lesson: Copying SAP-Delivered Roles25 Exercise 2: Copy a Role27 Exercise 3: Create a Simple Role and a User39 Unit 2: General Authorization Checks41 Lesson: Outlining HCM Authorization Checks51 Lesson: Setting Up an Authorization53 Exercise 4: Set Up Administrator Authorizations67 Lesson: Defining SAP E-Recruiting Authorization Objects79 Lesson: Defining Personnel Planning Authorization Objects81 Lesson: Defining Transaction Code Authorizations83 Lesson: Assigning HR Cluster Data Authorizations85 Exercise 5: Assign HR Cluster Data Authorizations91 Lesson: Defining Customer-Specific HR Authorization Objects93 Lesson: Setting Up Authorization Verification97 Exercise 6: Set Up a Double Verification for Administrators105 Unit 3: Indirect Role Assignment106 Lesson: Assigning Roles Indirectly115 Exercise 7: Compare User Authorization Assignments123 Unit 4: Period of Responsibility for Administrators125 Lesson: Determining the Period of Responsibility for Administrators132 Lesson: Outlining Time Logic for Data Access151 Exercise 8: Create Four HR Master Data Records155 Exercise 9: Perform Customizing of Time-Dependent Blocking
of Data
167 Unit 5: Payroll Authorization Objects169 Lesson: Defining Payroll Authorization Objects174 Lesson: Controlling Access to Schemas and Personnel Calculation
Rules
177 Exercise 10: Set Up an Authorization to Control Access to
Schemas and Personnel Calculation Rules
© Copyright. All rights reserved. v
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
183 Unit 6: Authorization Check for Evaluations185 Lesson: Setting Up Selection Periods for Evaluations191 Lesson: Creating Authorizations for the HR: Reporting Object195 Exercise 11: Create an Authorization for the HR Reporting
Object
207 Unit 7: Structural Authorizations209 Lesson: Outlining the Structure of the Personnel Planning Data
Model
215 Lesson: Outlining Structural Authorization Profiles224 Lesson: Creating Overall Authorization Profiles229 Exercise 12: Create an Overall Authorization Profile237 Lesson: Generating Authorizations243 Exercise 13: Generate User Authorizations247 Lesson: Improving System Performance for Structural
Authorization Profiles
253 Unit 8: The Context Solution254 Lesson: Solving Context-Sensitive Authorizations263 Exercise 14: Generate Context Authorization Objects271 Unit 9: Additional Aspects of the General Authorization Check272 Lesson: Outlining Organizational Key Authorization Checks277 Exercise 15: Update an Organizational Key Authorization283 Unit 10:HR Authorization: Optimization285 Lesson: Optimizing HR Authorizations
vi © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Object
207 Unit 7: Structural Authorizations209 Lesson: Outlining the Structure of the Personnel Planning Data
Model
215 Lesson: Outlining Structural Authorization Profiles224 Lesson: Creating Overall Authorization Profiles229 Exercise 12: Create an Overall Authorization Profile237 Lesson: Generating Authorizations243 Exercise 13: Generate User Authorizations247 Lesson: Improving System Performance for Structural
Authorization Profiles
253 Unit 8: The Context Solution254 Lesson: Solving Context-Sensitive Authorizations263 Exercise 14: Generate Context Authorization Objects271 Unit 9: Additional Aspects of the General Authorization Check272 Lesson: Outlining Organizational Key Authorization Checks277 Exercise 15: Update an Organizational Key Authorization283 Unit 10:HR Authorization: Optimization285 Lesson: Optimizing HR Authorizations
vi © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Course Overview
TARGET AUDIENCE
This course is intended for the following audiences:
●Data Manager
●Application Consultant
●Data Consultant
●Business Process Owner/Team Lead/Power User
© Copyright. All rights reserved. vii
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
TARGET AUDIENCE
This course is intended for the following audiences:
●Data Manager
●Application Consultant
●Data Consultant
●Business Process Owner/Team Lead/Power User
© Copyright. All rights reserved. vii
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
viii © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
UNIT 1
HCM Authorization Basics
Lesson 1
Outlining HCM Authorizations
2
Exercise 1: Create a Simple Role and a User
7
Lesson 2
Creating User Master Records
19
Lesson 3
Copying SAP-Delivered Roles
21
Exercise 2: Copy a Role
25
Exercise 3: Create a Simple Role and a User
27
UNIT OBJECTIVES
●Outline HCM authorization types
●Outline the general authorization check
●Outline the structural authorization check
●Create a user master record for an existing employee
●Copy sample roles delivered by SAP
© Copyright. All rights reserved. 1
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
HCM Authorization Basics
Lesson 1
Outlining HCM Authorizations
2
Exercise 1: Create a Simple Role and a User
7
Lesson 2
Creating User Master Records
19
Lesson 3
Copying SAP-Delivered Roles
21
Exercise 2: Copy a Role
25
Exercise 3: Create a Simple Role and a User
27
UNIT OBJECTIVES
●Outline HCM authorization types
●Outline the general authorization check
●Outline the structural authorization check
●Create a user master record for an existing employee
●Copy sample roles delivered by SAP
© Copyright. All rights reserved. 1
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Unit 1
Lesson 1
Outlining HCM Authorizations
LESSON OBJECTIVES
After completing this lesson, you will be able to:
●Outline HCM authorization types
●Outline the general authorization check
●Outline the structural authorization check
HCM Authorization Types
Figure 1: Authorization TypesAnimation: Authorization Types
For more information on Authorization Types, please view the animation in the
lesson Outlining HCM Authorizations in your online course.
An authorization check is a method by which the system controls a user’s access to system
data. Assigning authorizations is a fundamental prerequisite for the implementation of
2 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Lesson 1
Outlining HCM Authorizations
LESSON OBJECTIVES
After completing this lesson, you will be able to:
●Outline HCM authorization types
●Outline the general authorization check
●Outline the structural authorization check
HCM Authorization Types
Figure 1: Authorization TypesAnimation: Authorization Types
For more information on Authorization Types, please view the animation in the
lesson Outlining HCM Authorizations in your online course.
An authorization check is a method by which the system controls a user’s access to system
data. Assigning authorizations is a fundamental prerequisite for the implementation of
2 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
business software so that only authorized users access specific data. In SAP HCM, you can
set up two types of authorizations, general and structural.
The following are the two main authorizations you can set up in HCM:
●General authorizations
It is mandatory to create general authorizations for your organization. The general
authorizations include the authorizations that are necessary for Personnel
Administration and that help control access to HR data. This HR data must be strictly
controlled due to its sensitive nature.
●Structural authorizations
It is optional to set up HCM specific structural authorizations. Structural authorizations
check, by organizational assignment, if a user is authorized to perform an activity. If you
want to use structural authorizations, you must map your enterprise’s structure in
Organizational Management.
You can simultaneously set up both general and structural authorization types to achieve a
complex authorization concept.
General authorization and structural authorization can be used in combination.
Determine whether this statement is true or false.
XTrue
XFalse
To view the answer, please complete this question in the lesson Outlining HCM
Authorizations , in your online course.
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 3
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
set up two types of authorizations, general and structural.
The following are the two main authorizations you can set up in HCM:
●General authorizations
It is mandatory to create general authorizations for your organization. The general
authorizations include the authorizations that are necessary for Personnel
Administration and that help control access to HR data. This HR data must be strictly
controlled due to its sensitive nature.
●Structural authorizations
It is optional to set up HCM specific structural authorizations. Structural authorizations
check, by organizational assignment, if a user is authorized to perform an activity. If you
want to use structural authorizations, you must map your enterprise’s structure in
Organizational Management.
You can simultaneously set up both general and structural authorization types to achieve a
complex authorization concept.
General authorization and structural authorization can be used in combination.
Determine whether this statement is true or false.
XTrue
XFalse
To view the answer, please complete this question in the lesson Outlining HCM
Authorizations , in your online course.
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 3
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
General Authorization Check
Figure 2: General Authorization CheckAnimation: General Authorization Check
For more information on General Authorization Check, please view the animation
in the lesson Outlining HCM Authorizations in your online course.
The general authorization check in SAP ERP HCM controls access to HR infotypes and forms
a part of the general SAP authorization check.
You can define the following with authorization objects:
●Authorizations
●The fields that comprise an authorization, up to a maximum of 10 fields
When you define an authorization, the system checks the user master record to determine
whether the specified user has the corresponding authorization to access the specified fields.
You define authorizations for an authorization object by specifying values for the individual
fields of the object. You can create any number of authorizations, each with different values
and names, for an authorization object.
Authorizations are grouped together in an authorization profile.
A user’s authorizations are determined from the authorization profiles assigned to the user in
the master data record for the various authorization objects in the system.
Unit 1: HCM Authorization Basics
4 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Figure 2: General Authorization CheckAnimation: General Authorization Check
For more information on General Authorization Check, please view the animation
in the lesson Outlining HCM Authorizations in your online course.
The general authorization check in SAP ERP HCM controls access to HR infotypes and forms
a part of the general SAP authorization check.
You can define the following with authorization objects:
●Authorizations
●The fields that comprise an authorization, up to a maximum of 10 fields
When you define an authorization, the system checks the user master record to determine
whether the specified user has the corresponding authorization to access the specified fields.
You define authorizations for an authorization object by specifying values for the individual
fields of the object. You can create any number of authorizations, each with different values
and names, for an authorization object.
Authorizations are grouped together in an authorization profile.
A user’s authorizations are determined from the authorization profiles assigned to the user in
the master data record for the various authorization objects in the system.
Unit 1: HCM Authorization Basics
4 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Structural Authorization Check
Figure 3: Structural Authorization CheckAnimation: Structural Authorization Check
For more information on Structural Authorization Check, please view the
animation in the lesson Outlining HCM Authorizations in your online course.
From a business point of view, the structural authorization check performs the same function
as the general authorization check in SAP ERP HCM. Structural authorization controls access
to data stored in time-dependent structures, such as organizational structures, course
hierarchies, qualifications catalogs, and so on.
The flexibility of this concept ensures that the maintenance of structural authorizations is
minimal, even if a change is made within the structure. This check ensures that users still
have access only to those objects for which they are responsible.
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 5
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Figure 3: Structural Authorization CheckAnimation: Structural Authorization Check
For more information on Structural Authorization Check, please view the
animation in the lesson Outlining HCM Authorizations in your online course.
From a business point of view, the structural authorization check performs the same function
as the general authorization check in SAP ERP HCM. Structural authorization controls access
to data stored in time-dependent structures, such as organizational structures, course
hierarchies, qualifications catalogs, and so on.
The flexibility of this concept ensures that the maintenance of structural authorizations is
minimal, even if a change is made within the structure. This check ensures that users still
have access only to those objects for which they are responsible.
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 5
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Structural authorization check can be used to control access to which of the
following structures?
Choose the correct answers.
XAOrganizational structures
XBHuman Resources infotypes
XCQualifications catalogs
XD Course hierarchies
To view the answer, please complete this question in the lesson Outlining HCM
Authorizations , in your online course.
Unit 1: HCM Authorization Basics
6 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
following structures?
Choose the correct answers.
XAOrganizational structures
XBHuman Resources infotypes
XCQualifications catalogs
XD Course hierarchies
To view the answer, please complete this question in the lesson Outlining HCM
Authorizations , in your online course.
Unit 1: HCM Authorization Basics
6 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Unit 1
Exercise 1
Create a Simple Role and a User
Business Scenario
Your personnel administrator needs a basic understanding of the terms and elements of
authorizations in AS ABAP. It is important to understand the terms role, user, object classes,
authorization objects as well as authorization fields and field values. On this basis, the special
features of the authorizations in HCM can be better understood and interpreted.
Note:
In this exercise, when a value or object title contains ##, replace ## by the
number, your trainer assigned to you
Task 1: Login to the Training System Landscape and the Training System
1.Your trainer will inform you about the name (alias) of the training system landscape, the
training system and the required users and passwords. Note down the given information:
Name (alias) of the training system landscape: ______________________________________
User training system landscape: ___________________________________________________
Password training system landscape: ______________________________________________
Name training system/Client: ____________________________________________________
User training system: ____________________________________________________________
Password training system: _______________________________________________________
2.Log in to the training system landscape.
3.If the SAP Logon does not displays, start the app.
4.Logon to the training system.
Task 2: Create a Role and Check the Authorizations
1.Create a role PA30_Role_## with the Transaction PFCG. Check the authorizations.
Task 3: Interpret the Authorization Settings: Object Class, Authorization Object,
Authorization Field, Field Values
1.First look at the object classes. Which object classes display? Note them down, including
the technical names.
Object Class name Technical name.
© Copyright. All rights reserved. 7
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Exercise 1
Create a Simple Role and a User
Business Scenario
Your personnel administrator needs a basic understanding of the terms and elements of
authorizations in AS ABAP. It is important to understand the terms role, user, object classes,
authorization objects as well as authorization fields and field values. On this basis, the special
features of the authorizations in HCM can be better understood and interpreted.
Note:
In this exercise, when a value or object title contains ##, replace ## by the
number, your trainer assigned to you
Task 1: Login to the Training System Landscape and the Training System
1.Your trainer will inform you about the name (alias) of the training system landscape, the
training system and the required users and passwords. Note down the given information:
Name (alias) of the training system landscape: ______________________________________
User training system landscape: ___________________________________________________
Password training system landscape: ______________________________________________
Name training system/Client: ____________________________________________________
User training system: ____________________________________________________________
Password training system: _______________________________________________________
2.Log in to the training system landscape.
3.If the SAP Logon does not displays, start the app.
4.Logon to the training system.
Task 2: Create a Role and Check the Authorizations
1.Create a role PA30_Role_## with the Transaction PFCG. Check the authorizations.
Task 3: Interpret the Authorization Settings: Object Class, Authorization Object,
Authorization Field, Field Values
1.First look at the object classes. Which object classes display? Note them down, including
the technical names.
Object Class name Technical name.
© Copyright. All rights reserved. 7
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Object Class name Technical name.
On the Change Role: Authorizations screen You can see the authorization in tree shape.
These are:
2.Which Authorization Object (including the technical names) do the respective object
classes have?
Cross-application Authorization Objects (AAAB)Authorization object Technical name.Human Resources (HR)Authorization object Technical name....
3.Which authorization fields (including the technical names) does the authorization object
HR: Master Data (P_ORGIN) have? Which suggested field values do the individual
authorization fields have?
Authorization Object H: Master Data (P_ORGIN)Authorization Field Technical name Value.......
Task 4: Answer Two Questions
1.Where do the default values for the authorizations in the role PA30_Role_## (## is your
group number) come from? To do this, look at the Transaction SU24 (Maintenance
Authorization Defaults) for the transaction PA30 and check the proposed authorization
objects. Do these agree with the four proposed authorization objects of the HR object
class in the role PA30_Role _ ## (YES / NO)?
__________________________________________________________________________________
__________________________________________________________________________________
Unit 1: HCM Authorization Basics
8 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
On the Change Role: Authorizations screen You can see the authorization in tree shape.
These are:
2.Which Authorization Object (including the technical names) do the respective object
classes have?
Cross-application Authorization Objects (AAAB)Authorization object Technical name.Human Resources (HR)Authorization object Technical name....
3.Which authorization fields (including the technical names) does the authorization object
HR: Master Data (P_ORGIN) have? Which suggested field values do the individual
authorization fields have?
Authorization Object H: Master Data (P_ORGIN)Authorization Field Technical name Value.......
Task 4: Answer Two Questions
1.Where do the default values for the authorizations in the role PA30_Role_## (## is your
group number) come from? To do this, look at the Transaction SU24 (Maintenance
Authorization Defaults) for the transaction PA30 and check the proposed authorization
objects. Do these agree with the four proposed authorization objects of the HR object
class in the role PA30_Role _ ## (YES / NO)?
__________________________________________________________________________________
__________________________________________________________________________________
Unit 1: HCM Authorization Basics
8 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
2.Answer the question.
Check the proposed field values of the authorization object P_ORGIN. Do these match the
seven field values in the role PA30_Role_## (YES / NO)?
Check the proposed field values of the authorization object P_ORGIN. Do these match the
seven field values in the role PA30_Role_## (YES / NO)?
Task 5: Investigate, Where Basic Links are Configured
1.In the role PA30 _Role_##, the authorization object P_ORGIN is assigned to the object
class HR. At the same time, P_ORGIN is assigned to seven authorization fields such as
INFTY. Where are these basic links made? Go to transaction SU21 (Maintain Authorization
Objects) to check these links.
Task 6: Create a Dialog User and Assign it to a Role
1.Create a dialog user TEST_USER_## and assign it to the role PA30_Role_##.
2.Assign all authorizations for all open authorizations in the role PA30_Role_##.
Task 7: Investigate the Basic Pay Infotype (0008) Additional Paymentsinfotype (0015)
1.Log on to the system with the user TEST_USER_##.
2.Display the Basic Pay infotype (0008) for employee Lars Becker, personnel number
111991##. That should work.
3.Try to change the existing data record Basic Pay Infotype (0008) for employee Lars
Becker, personnel number 111991 ##. You can freely choose the values of the changes.
This shouldn't work because of the lack of permissions.
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 9
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Check the proposed field values of the authorization object P_ORGIN. Do these match the
seven field values in the role PA30_Role_## (YES / NO)?
Check the proposed field values of the authorization object P_ORGIN. Do these match the
seven field values in the role PA30_Role_## (YES / NO)?
Task 5: Investigate, Where Basic Links are Configured
1.In the role PA30 _Role_##, the authorization object P_ORGIN is assigned to the object
class HR. At the same time, P_ORGIN is assigned to seven authorization fields such as
INFTY. Where are these basic links made? Go to transaction SU21 (Maintain Authorization
Objects) to check these links.
Task 6: Create a Dialog User and Assign it to a Role
1.Create a dialog user TEST_USER_## and assign it to the role PA30_Role_##.
2.Assign all authorizations for all open authorizations in the role PA30_Role_##.
Task 7: Investigate the Basic Pay Infotype (0008) Additional Paymentsinfotype (0015)
1.Log on to the system with the user TEST_USER_##.
2.Display the Basic Pay infotype (0008) for employee Lars Becker, personnel number
111991##. That should work.
3.Try to change the existing data record Basic Pay Infotype (0008) for employee Lars
Becker, personnel number 111991 ##. You can freely choose the values of the changes.
This shouldn't work because of the lack of permissions.
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 9
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Unit 1
Solution 1
Create a Simple Role and a User
Business Scenario
Your personnel administrator needs a basic understanding of the terms and elements of
authorizations in AS ABAP. It is important to understand the terms role, user, object classes,
authorization objects as well as authorization fields and field values. On this basis, the special
features of the authorizations in HCM can be better understood and interpreted.
Note:
In this exercise, when a value or object title contains ##, replace ## by the
number, your trainer assigned to you
Task 1: Login to the Training System Landscape and the Training System
1.Your trainer will inform you about the name (alias) of the training system landscape, the
training system and the required users and passwords. Note down the given information:
Name (alias) of the training system landscape: ______________________________________
User training system landscape: ___________________________________________________
Password training system landscape: ______________________________________________
Name training system/Client: ____________________________________________________
User training system: ____________________________________________________________
Password training system: _______________________________________________________
2.Log in to the training system landscape.
a)The trainer will give you the required instructions.
3.If the SAP Logon does not displays, start the app.
a)In the training system landscape, click on Start.
b)Click on the SAP Logon tile.
4.Logon to the training system.
a)In the SAP Logon, the system ZME displays. Double-click the entry.
b)In the screen, enter your given credentials.
c)Hit Enter on your keyboard.
Task 2: Create a Role and Check the Authorizations
1.Create a role PA30_Role_## with the Transaction PFCG. Check the authorizations.
10 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Solution 1
Create a Simple Role and a User
Business Scenario
Your personnel administrator needs a basic understanding of the terms and elements of
authorizations in AS ABAP. It is important to understand the terms role, user, object classes,
authorization objects as well as authorization fields and field values. On this basis, the special
features of the authorizations in HCM can be better understood and interpreted.
Note:
In this exercise, when a value or object title contains ##, replace ## by the
number, your trainer assigned to you
Task 1: Login to the Training System Landscape and the Training System
1.Your trainer will inform you about the name (alias) of the training system landscape, the
training system and the required users and passwords. Note down the given information:
Name (alias) of the training system landscape: ______________________________________
User training system landscape: ___________________________________________________
Password training system landscape: ______________________________________________
Name training system/Client: ____________________________________________________
User training system: ____________________________________________________________
Password training system: _______________________________________________________
2.Log in to the training system landscape.
a)The trainer will give you the required instructions.
3.If the SAP Logon does not displays, start the app.
a)In the training system landscape, click on Start.
b)Click on the SAP Logon tile.
4.Logon to the training system.
a)In the SAP Logon, the system ZME displays. Double-click the entry.
b)In the screen, enter your given credentials.
c)Hit Enter on your keyboard.
Task 2: Create a Role and Check the Authorizations
1.Create a role PA30_Role_## with the Transaction PFCG. Check the authorizations.
10 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
a)On the SAP Easy Access screen choose in the command field the transaction PFCG
(Role Maintenance). and press ENTER.
b)On the Role Maintenance screen, into the Role field enter PA30_Role_## and, choose
the Single Role button. Choose the Save button.
c)Choose the Menu tab page. The folder Role Menu is shown and empty.
d)Choose the Transaction button. A pop-up window Assign Transactions displays. Put
into the Transaction Code column the transaction PA30 and choose the Assign
Transactions button.
e)Save the result by choosing the Save button.
f)On the Change Roles screen, choose the Authorizations tab page.
g)Choose the Change Authorization Data button.
h)A pop-up window Define Organization Levels is coming up. Choose the Cancel (F12)
button.
Note:
If you don’t see the technical names, determine your user settings with:
Utilities → Setting → Show Technical Name and choose the Save Settings
button.
i)Save the role by choosing the Save button and if needed press the Execute (ENTER)
button.
j)Generate the profile by pressing the Generate (Shift+F5) button and confirm the
upcoming pop-up with the Generate button. Confirm the pop-up window Assign Profile
Name for Generated Authorization Profile by choosing the Execute (Enter) button.
Task 3: Interpret the Authorization Settings: Object Class, Authorization Object,
Authorization Field, Field Values
1.First look at the object classes. Which object classes display? Note them down, including
the technical names.
Object Class name Technical name..
On the Change Role: Authorizations screen You can see the authorization in tree shape.
These are:
a)On the Change Role: Authorizations screen You can see the authorization in tree
shape. These are:
Object Class name Technical nameCross-application Authorization Objects AAAB
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 11
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
(Role Maintenance). and press ENTER.
b)On the Role Maintenance screen, into the Role field enter PA30_Role_## and, choose
the Single Role button. Choose the Save button.
c)Choose the Menu tab page. The folder Role Menu is shown and empty.
d)Choose the Transaction button. A pop-up window Assign Transactions displays. Put
into the Transaction Code column the transaction PA30 and choose the Assign
Transactions button.
e)Save the result by choosing the Save button.
f)On the Change Roles screen, choose the Authorizations tab page.
g)Choose the Change Authorization Data button.
h)A pop-up window Define Organization Levels is coming up. Choose the Cancel (F12)
button.
Note:
If you don’t see the technical names, determine your user settings with:
Utilities → Setting → Show Technical Name and choose the Save Settings
button.
i)Save the role by choosing the Save button and if needed press the Execute (ENTER)
button.
j)Generate the profile by pressing the Generate (Shift+F5) button and confirm the
upcoming pop-up with the Generate button. Confirm the pop-up window Assign Profile
Name for Generated Authorization Profile by choosing the Execute (Enter) button.
Task 3: Interpret the Authorization Settings: Object Class, Authorization Object,
Authorization Field, Field Values
1.First look at the object classes. Which object classes display? Note them down, including
the technical names.
Object Class name Technical name..
On the Change Role: Authorizations screen You can see the authorization in tree shape.
These are:
a)On the Change Role: Authorizations screen You can see the authorization in tree
shape. These are:
Object Class name Technical nameCross-application Authorization Objects AAAB
Lesson: Outlining HCM Authorizations
© Copyright. All rights reserved. 11
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Object Class name Technical nameHuman Resources HR
2.Which Authorization Object (including the technical names) do the respective object
classes have?
Cross-application Authorization Objects (AAAB)Authorization object Technical name.Human Resources (HR)Authorization object Technical name....
a)You find:
Cross-application Authoriztion ObjectsAuthorization object Technical nameTransaction Code Check at Transaction StartS_TCODECross-applicationAuthoriztion objectsAuthorization object Technical namePersonnel Planning PLOGHR: Master Data P_ORGINHR: Clusters P_PCLXHR: Master Data-Personnel Number Check P_PERNR
3.Which authorization fields (including the technical names) does the authorization object
HR: Master Data (P_ORGIN) have? Which suggested field values do the individual
authorization fields have?
Authorization Object H: Master Data (P_ORGIN)Authorization Field Technical name Value....
Unit 1: HCM Authorization Basics
12 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
2.Which Authorization Object (including the technical names) do the respective object
classes have?
Cross-application Authorization Objects (AAAB)Authorization object Technical name.Human Resources (HR)Authorization object Technical name....
a)You find:
Cross-application Authoriztion ObjectsAuthorization object Technical nameTransaction Code Check at Transaction StartS_TCODECross-applicationAuthoriztion objectsAuthorization object Technical namePersonnel Planning PLOGHR: Master Data P_ORGINHR: Clusters P_PCLXHR: Master Data-Personnel Number Check P_PERNR
3.Which authorization fields (including the technical names) does the authorization object
HR: Master Data (P_ORGIN) have? Which suggested field values do the individual
authorization fields have?
Authorization Object H: Master Data (P_ORGIN)Authorization Field Technical name Value....
Unit 1: HCM Authorization Basics
12 © Copyright. All rights reserved.
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Librería ERP — Sample | libreriaerp.com/us | [email protected]
Tags
s4hr94
s4hr94_en_2412
sap erp hcm
sap s/4hana
authorization objects
sample roles
time-dependent authorizations
access control
structural authorization
system performance
authorization profiles
hr reporting
payroll reports
context authorization
organizational key
double verification
user authorization
authorization setup
sap schemas
sap roles
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 8
- Slides 20
- Age 200 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views