Hello,
Our company does not currently utilize structural authorizations across HR but we're exploring use of this functionality as a means to restrict user access to workflow agent responsibility setup via OOCU_RESP. Standard security setup for this transaction does not provide the ability to restrict against a specific rule number.
My question is how to best configure this area to restrict access to a specific rule (object type AC) while not impacting other areas of HR access for the user. Effectively I want the user to have all access provided under the delivered 'ALL' profile except when it pertains to object type AC which is restricted.
I have configured the profile as follows:
| Seq | Plan Version | Obj Type | Obj ID | Maint |
|---|---|---|---|---|
| 1 | 01 | AC | 90000001 | X |
| 2 | ** | RY | X | |
| 3 | ** | US | X |
Under this setting, assigned users are only able to modify rule 90000001 in OOCU_RESP - attempts against other rules are restricted as expected. How can I enable access for all other object types? A brute force approach would be to repeat rows 2/3 for all other object types in the system but this does not seem practical. What would be the best way to meet the objective? I am a longtime SAP consultant in many areas but have not done anything in HR so this area is new to me. Appreciate thoughts from the HR gurus out there.
Regards,
Adam