E-Recruiting and structural authorizations

Hello,
Were on e-recruiting 6.0. I have the impression that structural authorization is not always checked in this module.
Can anyone share experiences?
Thanks
Koen

Let me take you through a brief description of the Authorisation.I am no expert just trying to figure out if I can help you or not.
At the lowest level are fields one or more of which gets mapped with Authorization object and one or more of which gets mapped with the authorization object class.Finally the required authorisation is being created and assigned to the profiles .
In e recruitment the objects are :
Candidates,Candidacy,Applicants etc,Its are 5125,5126,5104 etc till 5136.The infotyps delas with candidates ,applicants and postings etc.So the access and the entry of data in these infotypes should be controlled by some means or the other.
Hence structural authrorisation should always be there and hence checks will be there.
Message was edited by: Aniket Chatterjee

Similar Messages

Error Occured when Applying Structural Authorizations in E-Recruitment

Dear Experts,
The E-Recruitment functionalities were working fine when no structural authorizations are applied. However, when structural authorizations are configured for the user on the backend SAP system (I configured structural authorizations for the user to have access to only his own department), the E-Recruitment module does not work.
When I tried to access requisitions-> maintenace, application management->applications, etc, (i.e. when the E-Recruitment module tries to retrieve data from the backend), the the following error message occurred.
Error when processing your request
What has happened?
The URL http://<hostname>:<port>/sap/bc/bsp/sap/hrrcf_start_int/application.do was not called due to an error.
Note
The following error text was processed in the system ABC : RAISE EVENT statement nested to deep. The error occurred on the application server XYZ and in the work process 0 .
The termination type was: RABAX_STATE
The ABAP call stack was:
Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
Method: GET_RECORDS_BY_DATE of program CL_HRRCF_INFOTYPE=============CP
Method: ON_REQUISITION_UPDATE of program CL_HRRCF_REQUI_BL=============CP
Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
Please advice if E-Recruitment supports structural authorizations. If it does, are there additional configuration required to enable structural authorization. Kindly enlighten me on how to resolve this error. Any help will be much appreciated.

Hello Louis,
I implemented e-recruiting with structural authorizations for a customer and encountered exactly the same error. Anything in the e-recruiting implementation leads to this problem. When you miss some object authorizations the implementation generates an infinite callstack which results in this short dump.
So be sure you assigned all necessary objects to recruiters and also candidates (NA, NB, NC, ND, NE, NF, BP, CP, P, Q, QK, VA, VB, VC) but this might be difficult esp. with the P object, when you use structural authorizations for other purposes, too. This usually generates problems in manager involvement (e.g. manager can't choose a recruiter to approve his requisition as he has not the structural authorization for the hr department members).
It is also a bit strange that candidates need for example change rights for the requisition (NB) although they won't actually change it but without it the relation application->requisition, candidacy->requsition cannot be created correctly.
Last but not least be always sure that you refreshed the authorization buffers after changing structural authorizations. They are usually switched on for better performance.
Best regards
Roman Weise
PS: be aware that using structural authorizations will keep you busy for some time. we needed ~2 months to set up the system in a way that e-recruiting worked as the custoimer wanted without interfering any other productive hr component (admin, org. mgmnt., managers desktop).

Structural Authorization

hi
I am new to Authorizations ...
can somebody tell me the basics of Structural Authorizations from HR Module point of view ...
i would like to know the steps involved in setting up the structural authorizations from a organization's perspective ....
thanks
hr_user

Hi,
Structural authorizations are used to grant access to view information for personnel where HR has been implemented. Access is granted to a user implicitly by the useru2019s position on the organizational plan. Structural authorizations are not integrated into the standard authorization concept and structural authorization profiles are not the same as standard authorization profiles.
The use of structural authorizations can be illustrated by the following example. A manager can typically view or maintain information on employees in her organizational unit but not employees in other organizational units. When an employee moves from one unit to another his previous manager will no longer be able to view or maintain information about them. Similarly if a manager moves from one unit to another she will be able to see the employees in her new unit
Regards,
Prasad

Structural Authorization in e-recruiting

Hello all
We are implementing e-recruiting 603 ehp4 in standalone scenario. By customer requirements, the "recruiter" role was assigned to all manager therefore the standard service "Create requisition request" from MSS is not in use. So structural authorization we need for the manager to create requisition for his position only.
So, someone know how to perform this or tell me how to complete the table T77PR -the function module, evaluation path, object type and so on-
As always, thank you a lot
Regards
E. Ciotta

Hello Emilio,
Structural authorization in e-recuitng are a mess (although I have not found any official documentation which states "It won't work" and solution management says that there is no restriction sap support answers on customer request for that topic that it is not supported).
Trouble with your requirement is when you restrict the structural authorizatuion on positions for the manager and anywhen run internal job market the manager could not access the position information on a publication if he wants to apply as internal candidate anywhere else in the company. Could get quite tricky to solve this (next to all other issues on this topic).
If it is just about restricting the search I would exactly do this. Either per modification or by a customer development I'd restrict the search result by the structural information without actually switching on structural authorizations.
For getting the positions you should be able by using an evaluation path for direct and indirect positions of a manager or if not available use employees under a manager. If it does not skip the positions they should be contained in the result. If not copy it and remove the skip flag (and S-P relation as it is not needed). Unfortunately I cannot say which evaluation paths are really standard as most systems I use are enhanced here.
path should be like:
NR    Obj.    A/B    Rel.    P    Rel. Obj.    (Descr. Info)
10    P       B      008     *    S            (get position for employee)
20    S       A      012     *    O            (get org.units the position is leading position)
30    O       B      002     *    O            (get all other org.units under the org. unit assuming manager may see all levels)
40    O       B      003     *    S            (get all "normal" related positions in org.units)
50    O       B      012     *    S            (get all leading org.units - could be more than in 10 as we have several org.unit levels)
Best Regards
Roman

MSS genericiview and R/3 structural authorizations

Hi,
I have created some iViews based on par-file "eeprofilegenericiviewtable" to display R/3-queries. In R/3 we use also structural authorizations for the managers with functional module RH_GET_MANAGER_ASSIGNMENT.
The structural authorization is working in R/3 for a selected manager selecting a query directly from the R/3 via SQ01, but it doesn't in the iview. When the same user is viewing the "query"-iview, the message "No data selected" appears.
When I assign the user a structural authorization without the functional module RH_GET_MANAGER_ASSIGNMENT, e.g. only with some object types, the user can retrieve data without any problem using "query"-iview.
Probably the problem is in the functional module HR_INFO_GET_USING_QUERY used for retrieving R/3 query data from the portal and used by the iview eeprofilegenericiviewtable.
Has anybody met a similar problem? We are using EP6.0 SP14 and SAP R/3 4.6C.
Beata

Hi Dwayne (and others!),
Were facing similar problems with the error message "R3_CONNECT_FAILED". However, our difficulties are a bit strange because i only occurs on one of our two server nodes. We're running SAP EP 6.4, SP9.
Previously, we've had problems with the maximum number of connections towards our backend system, SAP R/3. But setting the environment variable CPIC_MAX_CONV helped us.
However, now we get the above error, but only on one of our server nodes. Do you (or anyone else) have any suggestions as to what might be wrong?
Thanks in advance,
Rasmus

Structural Authorization: Difference Between AUTSW-DFCON and AUTSW-ORGPD?

Dear All,
Can anyone explain to me the difference between AUTSW-DFCON and AUTSW-ORGPD in tbale T77S0?
And what is the relationship between these two switches?
Thanks!!

HI Mr. potato,
working off dilek's informative post you may be considering ? context vs non-context?
this image explains how context problems arise in HCM. http://help.sap.com/saphelp_470/helpdata/en/b3/bfb83b5b831f3be10000000a114084/content.htm
I would say generally, when an organization decides to use structural authorizations, they also need to take into account a "context solution". This is most frequently used to "lockdown" how different parts of the HR organization has different authority access to different groups of employees (potentially overlapping). As an HR manager i might have full read access on IT0002 for the entire company (root org), but IT0008 view access only for a sub-org unit.
in this case you need to use the DFCON switch. the 'most restrictive setting for dfcon is value 2. the most iberal setting is, 4. Generally, you need to test all 4 to figure out what works for you.
settings for dfcon:
http://help.sap.com/saphelp_470/helpdata/en/56/db5bc71a64c94f9f2e3cb63e14c867/content.htm

Structural authorization - creation of employee number in webdynpro or abap

Hello Experts,
We are facing some problems with the combination of structural authorizations and the creation of a new employee.
When we use PA40 to create a new employee this does not give any problem.
In the webdynpro we first execute a call transaction PA40 to apply infotype 0000 and 0001. This works well.
Except that the call transaction does not set the connection between PA and OM. (so we did program this ourselves)
In PO13 and the table HRP1001 the same relations are made as when we use PA40 in the sap gui.
After this we do call transactions PA30 for the next infotypes.
When we check the SU53 it gives a message: problems with structural authorizations object P (with the employeenumber) starting at 01.01.1800, enddate is empty.
The employee is manager and connected with his userid in infotype 0105.
We use in the structural profile the function module RH_GET_MANAGER_ASSIGNMENT
We checked with transaction HRHAUTH.
User has been adjusted to the tables T77UA etc.
We do not use workflow in this webdynpro
We used the trace function when this was executed, but it did not give more information about missing structural authorizations.
This issue was before on SDN (Structural authorization - creation of employee number) but unfortunally there was no solution there for the issue!
Hope one of you can help me to find the solution!
With kind regards,
Rita Mensink

Hi.
After 2½ days of frustration I finally nailed this.
Function group RHAC, that handles the authority checks, initially buffers a table called VIEW containing all objects available for the user. As stated earlier in this conversation, SAP handles creation of relations in HRP1001 (links PA and OM). At this point the new employee number is appended to buffered table VIEW in function group RHAC.
When execution the PA40 activity through CALL TRANSACTION, the creation of the relations are not handled - and the same goes for updating the buffered table VIEW. The table can be updated using the function module RH_VIEW_ENTRY_INSERT from the same fundtion group:
This example might be useful
data: ls_view_entry type hrview,
        ls_related_object type hrobject.
ls_view_entry-plvar = '01'.
ls_view_entry-otype = 'P'.
ls_view_entry-objid = lv_pernr.
ls_view_entry-begda = '18000101'.
ls_view_entry-endda = '99991231'.
ls_view_entry-maint = 'X'.
ls_related_object-plvar = '01'.
ls_related_object-otype = 'S'.
ls_related_object-objid = lv_ny_objid.
call function 'RH_VIEW_ENTRY_INSERT'
    exporting
      view_entry     = ls_view_entry
      related_object = ls_related_object.
Best regards
Poul Steen Hansen
Senior Technical Consultant
EDB Consulting Group A/S, Denmark

BW/HR structural authorization in BI 7.0 version

Dear experts,
Can anyone please explain how to extract HR structural authorization from R/3 to BW 7.0, and how to configure the authorization in the BW, I hope everyone can give me a work flow.
Thanks.

Hi Auke, thanks for your answer.
Changes inside the user profile are working, but deletion don't. And yes, the meaning of this is that user should not have role anymore.
I saw help documents with some procedure using D_E_L_E_T_E user. I didn't understand. Do you know something about that? Is that maybe the right way?
Thanks,
Thiago

How To Create ABAP Code For HR Context Sensitive Structural Authorization

Hello,
We have created a HR Custom Program which IS NOT built off the PCH or PNP Logical Database. As a result, we need to manually create ABAP code for HR Context Sensitive Structural Authorization Check in our custom HR program. Via HR Context Sensitive Structural Authorizations, we are restricting access to personnel numbers and the underlying HRP* tables.
Any assistance would be greatly appreciated with the identification of the SAP standard function modules (Ex. RH_STRU_AUTHORITY_CHECK, HR_CHECK_AUTHORITY_INFTY, HR_CHECK_AUTHORITY_INFTY , etc) used in HR Context Sensitive Structural Authorization Check, how they are used to control HR Structural authorization (P_ORGINCON), and some sample code.
Thank you in advance for all your assistance,
Ken Bowers

Hello Ken
You can use the interface methods IF_EX_HRPAD00AUTH_CHECK to get the same structural authorization as you can see in PA20/PA30. You need to use the methods set_org_assignment and check_authorization for this purpose. For more information you can refer to include FP50PE21 from line 237 onwards till 270.
Regards
Ranganath

SAP BI 7.0 Transport issue with HR Structural Authorization DSO

Hi,
I am trying to transport HR Structural Authorization DSO Objects in BI 7.0 from Dev to QA system. The Data sources are 0PA_DS02 and 0PA_DS03. ( I am sure that there are lots of changes in Authrorization concept in BI 7.0),.
1. Please suggest me if I need to make any changes and tests before moving these authorization objects to QA system.
2. Also, do I need to take any pre-cautions while activating business content objects 0TCTAUTH and 0TCTAUTH_T (Datasources look like are from 3.x) as I am getting issue with the activation of the transfer structure for these objects?
Thanks a lot for your valuable inputs.
Regards
Paramesh
Edited by: paramesh kumar on May 5, 2009 12:45 AM

Hi Paramesh.
You can use the DSOs 0PA_DS02 and 0PA_DS03 in BI7.0 as well. You just need to use the new generation of analysis authorizations in transaction RSECADMIN.
You can use 0TCTAUTH and 0TCTAUTH_T in BI7.0, however we have experienced som problems with the 0TCTAUTH_T extractor, which dumped because of a poorly designed SELECT statement that was unable to cope with 10000 records. We have replaced it with a generic data source that uses table RSECTEXT directly.
Regards,
Lars

R/3 reports related to structural authorization

Can anyone advise which standard reports/transcation codes in R/3 relate to structural authorization? are some better than others? I am interested in viewing allowable objects etc,.
Thank you,
Meghan

Hi Jim,
As you have mentioned you have worked a lot on structural authorizations,
I would request you to kindly help us on the below mentioned scenerio..
Issue : (Scenario)
C directly reports to B, and B Reports to A.
In the above scenario we have logged as B and did the compensation planning for C. A is the approver for the Cs compensation planning.
As C is HOD for HR Org unit. He will submit compensation plans of his subordinates to B for approval. That means B has to have approval authorization for Cs subordinates and he should not have approval authorization for his direct reporting employees.
In our scenario, B is able to perform the compensation planning as well as able to approve the same for his direct reporting employees. This shouldnt happen in our process.
How can achieve this, Please advice
Regards
Raghav

HR Structural Authorization DSO's

Hi,
I have developed HR module for the first time. I need to create the authorization objects for the HR reports.
I found 0PA_DS02 and 0PA_DS03 for structural authorizations in HR. I dont understand the purpose of these DSO's.
Can some one explain what is purpose of the 0PA_DS02 and 0PA_DS03 dso's and how to create authorizations in HR?
Thanks and Regards,
Pooja

HI Pooja,
Use "Rsecadmin" create a authorization object and in that click on the below tool bar infocube authorizations which gives you a option to choose the infoprovider either cube or dso .choose your dso and then navigate around according to your requirements with include option.
I think you need to load the DSO 0TCA_DS01 for Authorization Data(Values). Activate this DSO and try loading the data into this DSO as well and then try to generate the authorizations from this
Thank you

Context sensitive solution for Structural authorization

Dear all,
I would like to know whether new relationship, evaluation path and authorization profile has to be created for each role with context sensitive structural authorization ?
In T77UA table, each user has assigned a profile which tells the system how to find the structure by evaluation path (in T77PR table). Then in tranx OOAW, the evaluation path indicate how to build the structure by series of relationship, and this way we have to create new relationship for each role with context.
Am i correct ?
If an organization has many roles, then many relationship, evaluation path, profile.. has to be created !
Thanks for your help !
patrick cheung

Hi Chandra,
Thanks for your prompt reply !
This is for Context Sensitive solution, not the normal structural authorization:
Yes, if you add the authorization object P_ORGINCON in PFCG, you will notice that the field "Authorization Profile" has to be entered which tells the system WHICH ORG STRUCTURE does this authorization are refering to...
In table T77PR, instead of hardcoding the organization unit in the object ID field, we use Evaluation path to tell the system how to find the org structure for employees. Function RH_GET_MANAGER_ASSIGNMENT will return the org unit ID for the evaluation path.
In transaction OOAW, the said evaluation path specified the relationships which the system should use to draw the org structure of the employee's supervision... and there should be relationship like "Is managed by", may be as follows:
O B 002 Is line supervisor of * O
O A 011 Cost center asignmnt * K
O B 003 Incorporates * S
O B 012 Is managed by... * S
Up to now.... if you want to assign authorization to someone as follows, you could not simply maintain the same relationship "Is managed by" to Org Structure A and B because this will confuse the system as to which org structure you want the employee to maintain infotype 7 or 14/15. You should then create different relationships and maintain them to Org Structure A and B. And tell the system how to find the structure from the Evaluation path, which is stick to the Auth. profile. The Auth. profile is then maintain in the Context sensitive master data object P_ORGINCON !
(1)
Org Structure A
Maintain only infotype 7
(2)
Org Structure B
Maintain only infotype 14, 15
So... that's why i said if an employee has many role to perform duties in many different Org Structures (e.g. A, B, C...etc), you would create many relationship...
Hope this message will give idea to someone who intend to implement Context Sensitive Solution.

Structural authorization check in HR-ABAP

Hello Friends,
I am not able to get how to do the structural authorization check, my exact problem was : There is a report where it diplays all the qualifications of the employees and now I should restrict to only the employees who belongs to the organization unit depending upon the user who is running the report belongs to. It should check some more authorization profiles also.
Regards,
Yoganand.

Hi Yoganand,
if you use logical database PCH in your report, it should work by default.
Manually search for RHSTRUAUTH in transaction SE37. There
is a function modul which gives a list with the person the user has authorization.
With this list you could compare the list with selected persons.
hope this helps.
Regards
Bernd

HR structural authorization

Hello Friends,
I am trying to get concept of HR structural authorization. I have read the document " Structural Authorizations Step by Step, with Gotchas Too by Norm and Carl". After reading this document, what i have understood is In Structural authorization, we create PD profile eg: Manager, employee, ALL etc via transaction OOSP. And after that you assigned these profile to position via report RHPROFL0 or manually via transaction OOSB.
But what i am not able to understand is
1.How do this profile Manger, Employee etc will work? How do Users get authorization. What types of activities Uses are able to perform? What type of data user will have acess to? Do users get authorization to transaction like PA20 or you still need additional role that is created via PFCG.
2. What my understanding is Users who are in the top Hierarchal nodes or structure (eg: manager) is able to access data of employee below him. Do we still need to create roles like MSS and ESS role via transaction PFCG?
If somebody can clarify, I will really appreciate.

Hello Mate,
Have a loook at this thread, this may help .
Re: How to Restrict HR Org Structure from other Org Structures
Regards,
Regi

E-Recruiting and structural authorizations

Similar Messages

Maybe you are looking for