Historical data / structural authorizations compatability ?

Similar Messages

• HR Authorization - How to stop looking historical enterprise structure

  Hello Experts,
  I have few user who is assigned to display the master data of personnel area 5400. Now an employee is moved from personnel area 5400 to personnel area 5900. And this user is still able to view the master data of 5900. How to stop that checking the authorization based on the historical data.
  Please advise.
  Thank you.
  saplover

  > I have few user who is assigned to display the master data of personnel area 5400.
  Okay.
  > Now an employee is moved from personnel area 5400 to personnel area 5900.
  Okay.
  > And this user is still able to view the master data of 5900.
  Okay
  > How to stop that checking the authorization based on the historical data.
  You cannot code a back-dated authority-check, atleast not easily nor performance wise.
  If the employee is moved, then records (which were also moved, created...) for the personnel area they have access to are subsequently visible to them as well, if they have access to that infotype, subtype, etc.
  Perhaps you need to change their role, if they changed their job function??
  Take a read through function module HR_READ_INFOTYPE for a better understanding. The HR objects are generally designed to give access for HR people... unless reporting people (in aggregated form => object P_ABAP...) or unless personally (object P_PERNR...).
  Take a look in tcode SU21 for more infos.
  Cheers,
  Julius

• Info Structure rebuilt historical data

  Hi All,
  Iam planning to rebuilt historical data some self defined info structures, i tried with one info structure for orders/deliveries/invoices, it took more than 36 hours, is there any way to reduce this time??
  Thanks in advance.

  I recommend going through OSS Note 174134 - SIS: Collective note - reorganization (and allied notes inside it) and  Note 19056 - SIS reorganization: Shorter runtimes by parallel processing
  Regards,

• What is the best data structure for loading an enterprise Power BI site?

  Hi folks, I'd sure appreciate some help here!
  I'm a kinda old-fashioned gal and a bit of a traditionalist, building enterprise data warehouses out of Analysis Service hypercubes with a whole raft of MDX for analytics.  Those puppies would sit up and beg when you asked them to deliver up goodies
  to SSRS or PowerView.
  But Power BI is a whole new game for me.  
  Should I be exposing each dimension and fact table in the relational data warehouse as a single Odata feed?  
  Should I be running Data Management Gateway and exposing each table in my RDW individually?
  Should I be flattening my stars and snowflakes and creating a very wide First Normal Form dataset with everything relating to each fact? 
  I guess my real question, folks, is what's the optimum way of exposing data to the Power BI cloud?  
  And my subsidiary question is this:  am I right in saying that all the data management, validation, cleansing, and regular ETTL processes are still required
  before the data is suitable to expose to Power BI?  
  Or, to put it another way, is it not the case that you need to have a clean and properly structured data warehouse
  before the data is ready to be massaged and presented by Power BI? 
  I'd sure value your thoughts and opinions,
  Cheers, Donna
  Donna Kelly

  Dear All,
  My original question was: 
  what's the optimum way of exposing data to the Power BI cloud?
  Having spent the last month faffing about with Power BI – and reading about many people’s experiences using it – I think I can offer a few preliminary conclusions.
  Before I do that, though, let me summarise a few points:
  Melissa said “My initial thoughts:  I would expose each dim & fact as a separate OData feed” and went on to say “one of the hardest things . . . is
  the data modeling piece . . . I think we should try to expose the data in a way that'll help usability . . . which wouldn't be a wide, flat table ”.
  Greg said “data modeling is not a good thing to expose end users to . . . we've had better luck with is building out the data model, and teaching the users
  how to combine pre-built elements”
  I had commented “. . . end users and data modelling don't mix . . . self-service so
  far has been mostly a bust”.
  Here at Redwing, we give out a short White Paper on Business Intelligence Reporting.  It goes to clients and anyone else who wants one.  The heart
  of the Paper is the Reporting Pyramid, which states:  Business intelligence is all about the creation and delivery of actionable intelligence to the right audience at the right time
  For most of the audience, that means Corporate BI: pre-built reports delivered on a schedule.
  For most of the remaining audience, that means parameterised, drillable, and sliceable reporting available via the web, running the gamut from the dashboard to the details, available on
  demand.
  For the relatively few business analysts, that means the ability for business users to create their own semi-customised visual reports when required, to serve
  their audiences.
  For the very few high-power users, that means the ability to interrogate the data warehouse directly, extract the required data, and construct data mining models, spreadsheets and other
  intricate analyses as needed.
  On the subject of self-service, the Redwing view says:  Although many vendors want tot sell self-service reporting tools to the enterprise, the facts of the matter are these:
  v
  80%+ of all enterprise reporting requirement is satisfied by corporate BI . . . if it’s done right.
  v Very few staff members have the time, skills, or inclination to learn and employ self-service business intelligence in the course of their activities.
  I cannot just expose raw data and tell everyone to get on with it.  That way lies madness!
  I think that clean and well-structured data is a prerequisite for delivering business intelligence. 
  Assuming that data is properly integrated, historically accurate and non-volatile as well, then I've just described
  a data warehouse, which is the physical expression of the dimensional model.
  Therefore, exposing the presentation layer of the data warehouse is – in my opinion – the appropriate interface for self-service business intelligence.
  Of course, we can choose to expose perspectives as well, which is functionally identical to building and exposing subject data marts.
  That way, all calculations, KPIs, definitions, and even field names, and all consistent because they all come from the single source of the truth, and not from spreadmart hell.
  So my conclusion is that exposing the presentation layer of the properly modelled data warehouse is – in general - the way to expose data for self-service.
  That’s fine for the general case, but what about Power BI?  Well, it’s important to distinguish between new capabilities in Excel, and the ones in Office 365.
  I think that to all intents and purposes, we’re talking about exposing data through the Data Management Gateway and reading it via Power Query.
  The question boils down to what data structures should go down that pipe. 
  According to
  Create a Data Source and Enable OData Feed in Power BI Admin Center, the possibilities are tables and views.  I guess I could have repeating data in there, so it could be a flattened structure of the kind Melissa doesn’t like (and neither do I). 
  I could expose all the dims and all the facts . . . but that would mean essentially re-building the DW in the PowerPivot DM, and that would be just plain stoopid.  I mean, not a toy system, but a real one with scores of facts and maybe hundreds of dimensions?
  Fact is, I cannot for the life of me see what advantages DMG/PQ
  has over just telling corporate users to go directly to the Cube Perspective they want, that has already all the right calcs, KPIs, security, analytics, field names . . . and most importantly, is already modelled correctly!
  If I’m a real Power User, then I can use PQ on my desktop to pull mashup data from the world, along with all my on-prem data through my exposed Cube presentation layer, and PowerPivot the
  heck out of that to produce all the reporting I’d ever want.  It'd be a zillion times faster reading the data directly from the Cube instead of via the DMG, as well (I think Power BI performance sucks, actually).
  Of course, your enterprise might not
  have a DW, just a heterogeneous mass of dirty unstructured data.  If that’s the case,
  choosing Power BI data structures is the least of your problems!  :-)
  Cheers, Donna
  Donna Kelly

• Structural authorization - creation of employee number in webdynpro or abap

  Hello Experts,
  We are facing some problems with the combination of structural authorizations and the creation of a new employee.
  When we use PA40 to create a new employee this does not give any problem.
  In the webdynpro we first execute a call transaction PA40 to apply infotype 0000 and 0001. This works well.
  Except that the call transaction does not set the connection between PA and OM. (so we did program this ourselves)
  In PO13 and the table HRP1001 the same relations are made as when we use PA40 in the sap gui.
  After this we do call transactions PA30 for the next infotypes.
  When we check the SU53 it gives a message: problems with structural authorizations object P (with the employeenumber) starting at 01.01.1800, enddate is empty.
  The employee is manager and connected with his userid in infotype 0105.
  We use in the structural profile the function module  RH_GET_MANAGER_ASSIGNMENT
  We checked with transaction HRHAUTH.
  User has been adjusted to the tables T77UA etc.
  We do not use workflow in this webdynpro
  We used the trace function when this was executed, but it did not give more information about missing structural authorizations.
  This issue was before on SDN (Structural authorization - creation of employee number) but unfortunally there was no solution there for the issue!
  Hope one of you can help me to find the solution!
  With kind regards,
  Rita Mensink

  Hi.
  After 2½ days of frustration I finally nailed this.
  Function group RHAC, that handles the authority checks, initially buffers a table called VIEW containing all objects available for the user. As stated earlier in this conversation, SAP handles creation of relations in HRP1001 (links PA and OM). At this point the new employee number is appended to buffered table VIEW in function group RHAC.
  When execution the PA40 activity through CALL TRANSACTION, the creation of the relations are not handled - and the same goes for updating the buffered table VIEW. The table can be updated using the function module RH_VIEW_ENTRY_INSERT from the same fundtion group:
  This example might be useful
    data: ls_view_entry type hrview,
          ls_related_object type hrobject.
    ls_view_entry-plvar = '01'.
    ls_view_entry-otype = 'P'.
    ls_view_entry-objid = lv_pernr.
    ls_view_entry-begda = '18000101'.
    ls_view_entry-endda = '99991231'.
    ls_view_entry-maint = 'X'.
    ls_related_object-plvar = '01'.
    ls_related_object-otype = 'S'.
    ls_related_object-objid = lv_ny_objid.
    call function 'RH_VIEW_ENTRY_INSERT'
      exporting
        view_entry     = ls_view_entry
        related_object = ls_related_object.
  Best regards
  Poul Steen Hansen
  Senior Technical Consultant
  EDB Consulting Group A/S, Denmark

• How to populate historical data in the appraisal

  Hello,
  I am working in Oracle PMS module. Our requirement is to display historical data of an employee in the next appraisal cycle.
  Eg. If there are 3 appraisal cycle in a year. In the first appraisal manager will add objectives and competencies for an employee. lets say he added competency 1 ,competency 2,Objective 1 and Objective 2. after completion of the first cycle.
  When manager initiates the second appraisal. in the objectives block 2 values (Objective 1 and Objective 2) should be auto populated. Same as in competency block 2 values (competency 1 and competency 2) should be auto populated.
  Here manager can add more objectives or competencies.
  Please suggest how this can be achived.
  Thanks in advance,
  sheetal

  Hi Shunhui
  Answers :-
  If the required fields are not available in the Maintenance link, does it mean that I have to goto SE11 and create an append structure for the extract structure MC02M_0ITM which belongs to the datasource 2LIS_02_ITM?
  Then I have to write codes in the user exit for transactional datasources in RSAP0001?
  Ans : That's correct . Once you have done this on R/3 side, replicate the data source in BW side. Activate the transfer rules with appropriate mapping for 3 new fields and also adjust the update rules so that these 3 new fields are availble in Info providers.
  Are you able to provide some information on the errors that might arise during transports with the delta being active in the production system? Will data be corrupted? Will I need to clear the delta queue before the transport goes over?
  Ans : I assume that deltas are active in Production system . There is risk to your active delta into BW .
  Before your R/3 transports reach Production system , you need to clear the delta queue that means bring the number of LUWs for 2LIS_02_ITM to zero . Also stop the delta collector job in R/3 for Application 02(purchasing). Make sure that there are no postings (transactions /users are locked) so that there will be change in purchsing base tables.
  Then send your R/3 transport into Production system (Append structure , new fields + user exit code) .Replicate on BW side. Now send the BW transports to BW production system .
  I had done this earlier for 2LIS_12_VCITM and had a step by step proceduew written with me ....will have to search for that document . Let me know your email ID , will try to send it once I find the document
  Regards
  Pradip
  (when you edit the questions , there are option buttons with which you can assign points for that you need to do log on to SDN )

• MSS genericiview and R/3 structural authorizations

  Hi,
  I have created some iViews based on par-file "eeprofilegenericiviewtable" to display R/3-queries. In R/3 we use also structural authorizations for the managers with functional module RH_GET_MANAGER_ASSIGNMENT.
  The structural authorization is working in R/3 for a selected manager selecting a query directly from the R/3 via SQ01, but it doesn't in the iview. When the same user is viewing the "query"-iview, the message "No data selected" appears.
  When I assign the user a structural authorization without the functional module RH_GET_MANAGER_ASSIGNMENT, e.g. only with some object types, the user can retrieve data without any problem using "query"-iview.
  Probably the problem is in the functional module HR_INFO_GET_USING_QUERY used for retrieving R/3 query data from the portal and used by the iview eeprofilegenericiviewtable.
  Has anybody met a similar problem? We are using EP6.0 SP14 and SAP R/3 4.6C.
  Beata

  Hi Dwayne (and others!),
  Were facing similar problems with the error message "R3_CONNECT_FAILED". However, our difficulties are a bit strange because i only occurs on one of our two server nodes. We're running SAP EP 6.4, SP9.
  Previously, we've had problems with the maximum number of connections towards our backend system, SAP R/3. But setting the environment variable CPIC_MAX_CONV helped us.
  However, now we get the above error, but only on one of our server nodes. Do you (or anyone else) have any suggestions as to what might be wrong?
  Thanks in advance,
  Rasmus

• SAP BI 7.0 Transport issue with HR Structural Authorization DSO

  Hi,
  I am trying to transport HR Structural Authorization DSO Objects in  BI 7.0  from Dev to QA system. The Data sources are 0PA_DS02 and 0PA_DS03. ( I am sure that there are lots of changes in Authrorization concept in BI 7.0),.
  1. Please suggest me if I need to make any changes and tests before moving these authorization objects to QA system.
  2. Also, do I need to take any pre-cautions while activating business content objects 0TCTAUTH  and 0TCTAUTH_T (Datasources look like are from 3.x) as I am getting issue with the activation of the transfer structure for these objects?
  Thanks a lot for your valuable inputs.
  Regards
  Paramesh
  Edited by: paramesh kumar on May 5, 2009 12:45 AM

  Hi Paramesh.
  You can use the DSOs 0PA_DS02 and 0PA_DS03 in BI7.0 as well. You just need to use the new generation of analysis authorizations in transaction RSECADMIN.
  You can use 0TCTAUTH and 0TCTAUTH_T in BI7.0, however we have experienced som problems with the 0TCTAUTH_T extractor, which dumped because of a poorly designed SELECT statement that was unable to cope with 10000 records. We have replaced it with a generic data source that uses table RSECTEXT directly.
  Regards,
  Lars

• Error Occured when Applying Structural Authorizations in E-Recruitment

  Dear Experts,
  The E-Recruitment functionalities were working fine when no structural authorizations are applied. However, when structural authorizations are configured for the user on the backend SAP system (I configured structural authorizations for the user to have access to only his own department), the E-Recruitment module does not work.
  When I tried to access requisitions-> maintenace, application management->applications, etc, (i.e. when the E-Recruitment module tries to retrieve data from the backend), the the following error message occurred.
  Error when processing your request
  What has happened?
  The URL http://<hostname>:<port>/sap/bc/bsp/sap/hrrcf_start_int/application.do was not called due to an error.
  Note
  The following error text was processed in the system ABC : <b>RAISE EVENT statement nested to deep.</b> The error occurred on the application server XYZ and in the work process 0 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
  Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
  Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
  Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
  Method: GET_RECORDS_BY_DATE of program CL_HRRCF_INFOTYPE=============CP
  Method: ON_REQUISITION_UPDATE of program CL_HRRCF_REQUI_BL=============CP
  Method: ON_CHANGE of program CL_HRRCF_INFOTYPE=============CP
  Method: INSERT_RECORD of program CL_HRRCF_INFOTYPE=============CP
  Method: READ_RECORDS of program CL_HRRCF_REQUISITION_INFO=====CP
  Method: GET_RECORDS of program CL_HRRCF_INFOTYPE=============CP
  Please advice if E-Recruitment supports structural authorizations. If it does, are there additional configuration required to enable structural authorization. Kindly enlighten me on how to resolve this error. Any help will be much appreciated.

  Hello Louis,
  I implemented e-recruiting with structural authorizations for a customer and encountered exactly the same error. Anything in the e-recruiting implementation leads to this problem. When you miss some object authorizations the implementation generates an infinite callstack which results in this short dump.
  So be sure you assigned all necessary objects to recruiters and also candidates (NA, NB, NC, ND, NE, NF, BP, CP, P, Q, QK, VA, VB, VC) but this might be difficult esp. with the P object, when you use structural authorizations for other purposes, too. This usually generates problems in manager involvement (e.g. manager can't choose a recruiter to approve his requisition as he has not the structural authorization for the hr department members).
  It is also a bit strange that candidates need for example change rights for the requisition (NB) although they won't actually change it but without it the relation application->requisition, candidacy->requsition cannot be created correctly.
  Last but not least be always sure that you refreshed the authorization buffers after changing structural authorizations. They are usually switched on for better performance.
  Best regards
  Roman Weise
  PS: be aware that using structural authorizations will keep you busy for some time. we needed ~2 months to set up the system in a way that e-recruiting worked as the custoimer wanted without interfering any other productive hr component (admin, org. mgmnt., managers desktop).

• HR Structural Authorization DSO's

  Hi,
  I have developed HR module for the first time. I need to create the authorization objects for the HR reports.
  I found 0PA_DS02 and 0PA_DS03 for structural authorizations in HR. I dont understand the purpose of these DSO's.
  Can some one explain what is purpose of the 0PA_DS02 and 0PA_DS03 dso's and how to create authorizations in HR?
  Thanks and Regards,
  Pooja

  HI Pooja,
  Use "Rsecadmin" create a authorization object and in that click on the below tool bar infocube authorizations which gives you a option to choose the infoprovider either cube or dso .choose your dso and then navigate around according to your requirements with include option.
  I think you need to load the DSO 0TCA_DS01 for Authorization Data(Values). Activate this DSO and try loading the data into this DSO as well and then try to generate the authorizations from this
  Thank you

• Context sensitive solution for Structural authorization

  Dear all,
  I would like to know whether new relationship, evaluation path and authorization profile has to be created for each role with context sensitive structural authorization ?
  In T77UA table, each user has assigned a profile which tells the system how to find the structure by evaluation path (in T77PR table).  Then in tranx OOAW, the evaluation path indicate how to build the structure by series of relationship, and this way we have to create new relationship for each role with context.
  Am i correct ? 
  If an organization has many roles, then many relationship, evaluation path, profile.. has to be created !
  Thanks for your help !
  patrick cheung

  Hi Chandra,
  Thanks for your prompt reply !
  This is for <u>Context Sensitive</u> solution, <b>not</b> the normal structural authorization:
  Yes, if you add the authorization object P_ORGINCON in PFCG, you will notice that the field "<b>Authorization Profile</b>" has to be entered which tells the system <i>WHICH ORG STRUCTURE</i> does this authorization are refering to...
  In table T77PR, instead of hardcoding the organization unit in the object ID field, we use Evaluation path to tell the system how to find the org structure for employees.  Function RH_GET_MANAGER_ASSIGNMENT will return the org unit ID for the evaluation path.
  In transaction OOAW, the said evaluation path specified the relationships which the system should use to draw the org structure of the employee's supervision... and there should be relationship like "<b>Is managed by</b>", may be as follows:
  O     B     002     Is line supervisor of     *     O
  O     A     011     Cost center asignmnt     *     K
  O     B     003     Incorporates     *     S
  O     B     012     <b>Is managed by...</b>     *     S
  Up to now.... if you want to assign authorization to someone as follows, you could not simply maintain the same relationship "<b>Is managed by</b>" to Org Structure A and B because this will confuse the system as to which org structure you want the employee to maintain infotype 7 or 14/15.  You should then create different relationships and maintain them to Org Structure A and B.  And tell the system how to find the structure from the Evaluation path, which is stick to the Auth. profile.  The Auth. profile is then maintain in the Context sensitive master data object P_ORGINCON !
  (1)
  Org Structure A
  Maintain only infotype 7
  (2)
  Org Structure B
  Maintain only infotype 14, 15
  So... that's why i said if an employee has many role to perform duties in many different Org Structures (e.g. A, B, C...etc), you would create many relationship...
  Hope this message will give idea to someone who intend to implement Context Sensitive Solution.

• HR structural authorization

  Hello Friends,
  I am trying to get concept of HR structural authorization.  I have read the document " Structural Authorizations Step by Step, with Gotchas Too by Norm and Carl". After reading this document, what i have understood is In Structural authorization, we create PD profile eg: Manager, employee, ALL etc via transaction OOSP. And after that you assigned these profile to position via report RHPROFL0 or manually via transaction OOSB.
  But what i am not able to understand is
  1.How do this profile Manger, Employee etc will work? How do Users get authorization. What types of activities Uses are able to perform?  What type of data user will have acess to? Do users get authorization to transaction like PA20 or you still need additional role that is created via PFCG.
  2. What my understanding is Users who are in the top Hierarchal nodes or structure (eg: manager) is able to access data of employee below him. Do we still need to create roles like MSS and ESS role via transaction PFCG?
  If somebody can clarify, I will really appreciate.

  Hello Mate,
  Have a loook at this thread, this may help .
  Re: How to Restrict HR Org Structure from other Org Structures
  Regards,
  Regi

• HR-Structural Authorization-AUTSW ORGPD switch

  Hi All,
  We are facing an issue with our structural authorization.
  Our HR user are unable to view details of the employee who is been terminated in PA20.
  Background:
  1)The user is terminated on 10/2009
  2)when the user was terminated he was assigned to the org unit 10.
  3)Later the org unit 10 also got inactive.like it is not in the org structure anymore this is from 02/2010.
  4)From 02/2010 on HR users are unable to view the employee details (who is terminated and belongs to an inactive org structure) in PA20
  Analysis:
  1) When we see in the OOSB Information the HR user is not having authorization to view this org unit from the time it is moved out of org structure.I.e 02/2010.The endda is showing 02/2010 against the org unit in structural access of the Hr user.
  2)Other observation is that after HR users give PA20 we have taken su53 and it shows taht P_ORGINCON missing authorization for D,infotype 0000,subtype termination.
  3)we have done testing in Dev by changing AUTSW-ORGPD switch to 3 still no use.
  4)We did AUTSW-DFCON to 3 as we ahve context authorization also it also did not work.With DFCON 4 it is working but HR users are able to view not only their counry employee but also other country employees org assignmnet in PA20 which not acceptable.
  Requirement:
  HR users should be able to view terminated employees with org assignment(IT 0001)  but that org unit is not in validity date(i.e A 002 for org unit is delimited) .
  Any suggestions or ideas to handle the terminated employees in the delimited orgunit will be of great help...
  Regards,
  Vani.

  Hi,
  We are using DFCON = 4 and it is working for us. Try this way. If the user terminate then fill the Org Key in IT0001 with some Value YYY and then use this value in P_ORGINCON Filed Value VDSK1 = YYY and also PA restriction.
  Or Write a FM to get the terminate pernr to users structure and use the Context it may work.

• Failed HR Structure Authorization: should not be possible

  Hi there,
  I've got a strange problem which is quite similar to [this one|https://forums.sdn.sap.com/click.jspa?searchID=10542618&messageID=4893986], but the difference is that my userid does not have an entry in OOSB (T77UA) so it should not have missing HR Structure Authorizations because the general principle in the HR Structure is: No profile - No restrictions.
  However, this user is restricted, but not for all records. The restrictions seem very random.
  It seems that the userid itsself causes the problem. The account has been copied from another account. If you copy this account to any other userid then the problem does not occur, but I have to use this particular one because it is the official userid (personnel number).
  As I said earlier, OOSB is empty and also infotype 0105 (Communication) is set properly.
  I even tried to delete and re-create the userid completely but this did not help.
  It looks like there are some 'hidden entries' in table T77UA or another table setting for this userid that I am not aware of. Could anyone help me out her?
  Thank you!
  Kind regards,
  Lodewijk

  Hi Lodewijk,
  You say your problem is similar to the one you're referring to in your initial post.  Does that mean that you also get an error message saying:
  The last authorization check was successful
  Failed HR Structure Authorizations
  Date xxxxxxxxxxxxxxxxxxx

• SAP HR Structural Authorizations

  Hi Experts,
  I need a help regarding SAP HR Structural Authorizations.
  Currently our HR System is set with structural authorizations were in
  users will be accessing HR Org structure with different pd-profile and HR relationships (with Org units ex:
  assistant relation, manager relation).
  Now we want to design the roles based on company codes, where users should be able to see
  all organization units within company code 'xyz'.
  Do we need to create new pd-profile or new HR relationships or just restrict within existing HR roles for
  accessing organizations units within different company codes.
  Please guide me steps to proceed with this requirement?
  Your early response is highly appreciated, thanks in advance......

  You will need to talk to the HR folks about this and whether any employee grouping on the HR side matches a company code unit on the FI side to use in the authorizations.
  This means that HR data and processes are also aligned to finance processes, which was often the case with local HR systems but less so with global ones.
  The answer is on your side in the data and the processes. There is no single field which you can use for both, let alone an org. level field known to structural authorizations.
  Cheers
  Julius