General authorizations that are
based on the SAP wide authorization
concept or you can set up HR-specific structural
authorizations that will check organizational assignment if a user is authorized
to perform an activity.
2. What are structural authorizations?
See question 1.
3. How are authorizations defined? An authorization object can define maximum 15 fields that occur in an authorization? True or False?
This authorization type applies to the general SAP authorization check, which is set up using the transaction PFCG. The authorization objects that are used only in mySAP HR are HR-specific authorization objects.
Authorizations are defined by authorization
objects. An authorization object specifies the fields that occur in an
authorization. The system checks if a user has the corresponding authorization
for certain field specifications in the user master record.
4. What is an authorization profile? How are users authorizations determined?
Users must be created and roles assigned to user master records before you can use the SAP System.
A user can only log on to the system
if he or she has a user master record. A user menu and authorizations are
also assigned to the user master record via one or more roles.
5. What is a role? How the access to transactions, reports and web based applications included in a role defined?
Roles are collections of activities
which allow a user to use one or more business scenarios of an organization.
The transactions, reports and Web-based applications in the roles are accessed
using user menus. User menus should only contain the typical functions
in the daily work of a particular user.
6. Roles can be found under generic name SAP_HR*? True or False?
True
7. What is a profile generator?
8. How do you create users?
9. What are the ways of setting up general authorization checks?
10. What are the two types of
double verification principle? Explain with example?
11. Authorization main switches
are stored in Table T74SO or T76SO or T77SO? To permit extended authorization
check along with master data check what settings need to be done?
12. Describe in brief the period
of responsibility with reference to a user giving examples?
13. What are P_ORGIN and P_ORGXX?
P_ORGIN consisting of fields
AUTHC Authorization
level
INFTY Infotype
PERSA Personnel
Area
PERSG Employee
Group
PERSK Employee
Subgroup
SUBTY Subtype
VDSK1 Organizational
Key
and
P_ORGXX consisting of fields
AUTHC Authorization
level
INFTY Infotype
SACHA Payroll
Administrator
SACHP Administrator
for HR Master Data
SACHZ Administrator
for Time Recording
SBMOD Administrator
Group
SUBTY Subtype
Once these are provided to the user, he/she can access the data accordingly.
Let us take for example there is a role maintained for a user.
This is how it looks for a user in SU01
Standard Cross-application
Authorization Objects
Standard Transaction
Code Check at Transaction Start
Transaction Code PA51, ZPTR0011
Changed Human
Resources
Changed HR: Master
Data
Authorization level
R
Infotype
2006, 2007
Personnel Area
HYD, BGL
Employee Group
*
Employee Subgroup
*
Subtype
*
Organizational Key
*
Inactiv
Standard HR: Clusters
Inactiv
Standard HR: Master Data - Personnel Number Check
Now this employee is capable of
looking into data from 2 personal areas HYD and BGL only .
Also, if this being maintained can
be used in the custom reports (Z-report) as well for restricting the data
according to locations.
14. To implement structural authorizations
you need to have existing the PA module? True or False?
15. What do C, S, P and O stand
for?
16. What do mean by the terms
1. Status vector
2. Display depth
3. Period
4. Function Module
17. Describe in brief giving
examples how period of responsibility is determined for the general authorization
check in a structural authorization check?
18. What are PD profiles and
SD profiles? What do they do?
