Hello,
In Structural Authorization, if there is an entry for user SAP* in OOSB, then all user inherit access to the Authorization profile.
Suppose we have 2 custom Authorization profiles - Z_HR and Z_USER. These are governed by their custom Function Modules.
Scenario:
So, if we enter SAP* - ALL, in OOSB, then all users will get full access to the entire Org Structure.
Then we use context based Security : P_ORGINCON and assign Z_HR to all HR personnel Roles.
So, even though the HR personnel will inherit ALL from OOSB, the restriction in P_ORGINCON will restrict them to Z_HR. Is that correct?
(This would eliminate the need to maintain Z_HR in OOSB for each HR personnel)
And all other user who do not have P_ORGINCON in their User Master, will not get any structural Profile access, so in spite of them getting ALL in OOSB (via SAP*), they will not have the structural access.
Will this scenario work?
Or do we need to add each HR user's User ID in OOSB with Z_HR?
Thanks in advance.