HPR1001 is a OM table. It is the table which corresponds to infotpe 1001. For maintaining the table we have to mantain through infotype 1001. Some transactions which can be used for the same are pp01, pp02, and also through the easy access menu.It is used to maintain relationship between various objects existing in the system such as Org Units, Position,Jobs, etc. Use FM ‘RH_INSERT_INFTY_1001_EXT’ to insert records in this table. Whenever you create a position for an employee using PP03,all the relationship created against that position is stored in this table.
Organizational Key VDSK1
VDSK1 is the feature to represent the Organizational Key which is important to run diverse authorization checks by organizational assignment in SAP HR. The Organizational Key enables you to define the organizational assignment more exactly. It Consists of elements from Enterprise Structure and Personnel Structure. Its content is derived from either the Organizational Assignment IT-0001 or from the manually written entries.
Configure OM Infotypes – add/hide tabs
For Example: Hiding or adding the Address infotype tab which gets displayed at the bottom of the PPOME screen.
The tabs for infotypes can be configured by using the table T77OMTABUS
Steps to configure:
1. Select the scenario OME0 (Organization and Staffing) from Scenario Definition (Hierarchy Framework).
2. With the selected scenario, select Tab Page in Scenario for each Object Type tab on the left side under the tab Scenario Definition (Hierarchy Framework).
3. Double click on the Tab Page in Scenario for each Object Type with the selected scenario.
4. It will display columns like scenarios, Object type, tab page, sequence, report name etc. The last column would be Do not Display column. It should be checked if that particular infotype for Object Type needs to be displayed else it should be unchecked.
Note: The columns are the combinations of Object type, tab page etc. So while performing the Do not Display column activity, these combinations should be checked thoroughly based on the requirement.
Developing OM Infotypes – PPCI
Although the need for creating OM ifotypes is rare, some projects do require this knowledge. In some ways OM infotypes are similar to their PA counterparts. For example:
- Infotypes have a validity period – start date and end date
- Each Organizational object has a record of infotype 1000 (object infotype)
SPOCK – Objects in OM
S.P.O.C.K – These are the most important objects in OM
- Reporting for each is required seperately
- Units can have Managers/Leaders
- Units that have distinct tasks/activities
- Org Unit – Org title, description, address, head of Org Unit, cost center, account assignment features
- Position – Position title, description, Vacancy, Address, Work Schedule, Cost Distribution, Worker’s Comp codes, Account assignement features, Cost Center override
- Job – Class title, Description, Salary band/Scale, FLSA Status, EEO/AAP codes
Organizational Management – purpose
OM is installed before Personnel Development(PD), Recruitment, Compensation Management (CM/ECM), Workflow, Time Management, Security, ESS/MSS etc. OM structure provides the foundation for these modules and streamlines business processes. For example MSS setup can be such that the manager will be able to view only the details of those working under him/her – the details of persons working under the manager are picked up from OM. Similarly data from OM is used when WF has to route the work of approving the leave of an employee to his/her manager.
Main HR Authorization Object for Security
Some of the main HR authorisation objects are:
Object: PLOG Personnel Planning
Fields: PLVAR Plan Version
OTYPE Object Type
INFOTYP Infotype
SUBTYP Subtype
ISTAT Planning Status
PPFCODE Function Code
Definition:
The present object is used by the authorization check for PD data.
Field Details:
PLVAR – Plan version This field defines which plan version(s) the user may access.
OTYPE – Object type This field defines which object types the user may access.
INFOTYP – Infotype This field defines, which infotypes, that is, attributes, of an object the users (generally) may access.
SUBTYP – Subtype This field determines which subtypes the user may access for given infotypes.
Relationships are special subtypes for infotype 1001. Consequently, the relationships for which a user should have access authorization can also be limited in this field.
ISTAT_D – Planning status This field determines in which planning status the user may access information.
OKCODE – Function code This field defines for which type of information processing (Display, Change ) the user is authorized.
The possible values are defined in table T77FC. This protection against unauthorized access is extended by the structural authorization check. Two types of function codes are distinguished in HR management. By marking the processing method Maintenance in table T77FC the function codes are indicated, with which objects may be maintained within the structure; Otherwise, only Display is allowed.
The function code has effects in connection with the structural authorization. In table T77PR, authorization profiles can be indicated which are to have maintenance authorization for the structure. Without this authorization, you can only display structures. Consequently, the overall authorization results from the intersection between basis authorization and structural authorization.
Object: P_ABAP HR: Reporting
Fields: REPID ABAP Program Name
COARS Degree of simplification for authorization check
Definition:
The authorization object HR reporting (P_ABAP) is used in many ways:
HR Reporting with HR Reporting are reports with the RE.SAPDBPNP logical database PNP .
Report: RPUAUD00 Logged changes in infotype data Processing person-related data using payment medium programs from Accounting.
To 1. You can use the relevant authorization for these objects to control how the objects
UO.P_ORGIN HR: Master data (P_ORGIN), UO.P_ORGXX HR: Master data – extended check (P_ORGXX) and CHAP.OHIX0010 structural authorization check are used in specified reports to check the authorization for INFTY HR infotypes . In this way, you can carry out a fine-tuned control on reports for infotype authorization.
This can be useful for functional reasons or to improve performance at runtime of the corresponding reports.
For this object, specify the report name(s) and the degree of simplification to be used for the authorization check.
Note:
Note that this object differs from the object UO.S_PROGRAM ABAP: Program run checks . The latter is used for general program authorization checks.
In HR reports, these checks are carried out in addition to the HR infotype authorization check.
HR: Reporting , however, overrides the HR infotype authorization check for selected reports, with the result that the authorization checks are weakened or completely switched off.
Examples:
In your company, the authorization for infotypes is, for example, independent of the authorization for specific organizational units (one administrator may be authorized to access address, personal and education data only for personnel area 0101 – but not for address data in personnel area 0101 and personal data in personnel area 0102). If you enter 1 in the Degree of simplification field, the above facts are taken into account in the specified report and the check is carried out more quickly for a user with this authorization.
If certain HR reports are not critical (telephone lists etc.) and authorization protection is not required, enter the report name and = * in the Degree of simplification field. The system then checks whether the person starting the report is authorized to do so (object – ABAP/4: Program run checks), but performs no other checks (object – HR: Master data).
In your company, one user may have access to all HR infotype data. For this user, enter * in the Report name and Degree of simplification fields. The system then only checks whether this user is authorized to start the report in question but not whether he/she is authorized to display the requested HR infotype data.
A time adminstrator should carry out time evaluations (report HR: Time – time evaluation (RPTIME00) for employees with the organizational key 0001TIMEXXX . For certain additional information that is needed internally (the program user either cannot see this, or can only partially see it), the Basic pay infotype (0008)must be imported, for example, to timeevaluation. To carry out time evaluation, the administrator must therefore have display authorization for the Basic pay infotype (0008).
If the administrator is not to have display authorization for this infotype, the read authorization for the Basic pay infotype can be restricted for individuals with the organizational key 0001TIMEXXX for the report HR: Time – Time evaluation (RPTIME00). For this, use the following authorization
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0008 ‘ ‘
Subtype * ‘ ‘
Authorization level R ‘ ‘
Organizational key ‘ ‘ 0001TIMEXXX
Object HR: Reporting (P_ABAP)
Report name RPTIME00
Degree of simplification 1
In this way, a simple check is carried out for the authorization check infotype in conjunction with the report HR: Time – Time evaluation (RPTIME00): The infotype, subtype, level are checked, and then, independently, the organizational assignment (in the example, the Organizational key field) (according to degree of simplification 1 ). In report HR: Time – Time evaluation (RPTIME00), infotype Basic pay (0008) can also be read. However, if the check is not in conjunction with the report HR: Time – Time evaluation (RPTIME00), all fields of the object HR:
Master data (P_ORGIN) are checked together, but in this way there is no read access to the Basic pay infotype (0008). TO 2. Evaluations of the logged changes in infotype data are subject to infotype authorization checks. However, usually, someone, who starts such an evaluation, has extensive authorizations.
In this case, it is useful, in order to ensure improved performance, to do without the check of individual data and instead, grant the user global authorization for logging evaluations using the report Logged changes in the infotype data (RPUAUD00).
For this, use an authorization for the object, by specifying the value RPUAUD00 in the Report name field, and the value 2 in the Degree of Simplification field. To 3 The payment medium program of accounting processes, in particular, confidential personal data.
In addition the check to see whether the user is authorized to start the program, a check to see whether the corresponding authorization exists for the object is also carried out, as an additionl security measure : The name of the payment medium program must be entered in the Program name field, the value 2 (or * must be entered in the Degree of simplification field.
Field Details:
Report name
COARS Degree of simplification
Object: P_APPL HR: Applicants
Fields: INFTY Infotype
SUBTY Subtype
AUTHC Authorization level
PERSA Personnel Area
APGRP Applicant group
APTYP Applicant range
VDSK1 Organizational Key
RESRF Personnel officer responsible for application
Definition:
This object is used for the applicant data authorization check. This check is carried out when INFTY applicant infotypes are edited or read. When a transaction for editing applicant data is accessed, the system first checks whether the user has the minimum authorization. Depending on the transaction this may be write authorization or read authorization ( AUTHC_D authorization level = ‘*’ or R). If the user has the minimum authorization, a further and more detailed authorization check is carried out within the transaction itself.
Field Details:
INFTY Infotype
SUBTY Subtype
AUTHC_D Authorization level
PERSA Personnel area
APGRP Applicant group
APTYP Applicant range
VDSK1 Organizational key
RESRF Personnel officer responsible for applicant
Object: P_ORGIN HR: Master Data
Fields: INFTY Infotype
SUBTY Subtype
AUTHC Authorization level
PERSA Personnel Area
PERSG Employee Group
PERSK Employee Subgroup
VDSK1 Organizational Key
Definition:
The object HR: Master data (P_ORGIN) is used for authorization checks of personal data. Checks are performed only when INFTY HR infotypes are edited or read.
When you call up a transaction for editing of personal data, the system checks that you at least have one read authorization ( AUTHC_D authorization level R). If you do, a more specific authorization check is carried out within the transaction. In HR reports that use the
Program run checks and UO.P_ABAP HR:
Reporting must also be taken into account.
Note that values specified for the individual fields do not generally contain other values. The value ‘ ‘ must therefore be specified explicitly. The value ‘ ‘ must always be used for the subtype field (reason: the field is initial if the infotype does not support any subtypes, or if the subtype has not been specified).
Field Details:
INFTY Infotype
SUBTY Subtype
AUTHC_D Authorization level
PERSA Personnel area
PERSG Employee group
PERSK Employee subgroup
VDSK1 Organizational key
Object: P_ORGXX HR: Master Data – Extended Check
Fields: INFTY Infotype
SUBTY Subtype
AUTHC Authorization level
SACHA Payroll Administrator
SACHP Administrator for HR Master Data
SACHZ Administrator for Time Recording
SBMOD Administrator Group
Definition:
The object HR: Master data – Extended check (P_ORGXX) can be used to check authorization for personal data INFTY (HR infotypes) This check is not active in the standard system. The program switch HR: Master data – Extended check (ORGXX) can be used to add this check in the standard system or set it as an alternative to UO.P_ORGIN HR: master data . The main switch settings can be processed using transaction HR: Authorization switch (OOAC)
Field Details:
Administrator for the person being processed (stored in the
organizational assignment infotype)
SACHA Payroll administrator
SACHZ Time data administrator
SACHP HR master data administrator
SBMOD Administrator group
View of data:
INFTY Infotype
SUBTY Subtype
AUTHC_D Authorization level (write, read, write with lock indicator, unlock).
Object: P_PCLX HR: Clusters
Fields: RELID Area identifier for cluster in tables PCLx
AUTHC Authorization level
Definition:
This object is used in the authorization check when accessing PCLx (x = 1, 2, 3,4) HR files using the PCLx buffer (interface supported by HR).
Field Details:
Cluster ID: enter the cluster name in this field. Authorization level: in this field you must specify the operation to be carried out on the cluster along with the cluster ID specified above.
The values which can be entered here are R (read), U (update database) and S (export data to PCLx buffer without database update).
Report RHINTECHECK
Many are familiar with Integration Reports between PA – OM/PD such as below
- RHINTE00 – Transfer PA Records To PD Positions. In another world, it creates the HRP1001 between P to S in the OM side of the world. When you view a record via IT0001, you see this person holds the position, however via HRP1001, that relationship isn’t so.
- RHINTE10 – Generates the required relevant tables. (T513 – Jobs, T513S – Jobs, T528B – Positions, T528T – Work Center, T527X – Org Unit
- RHINTE20 – checks for all objects for integration between PA and OM. This is a big one and will take awhile to run. What it does is look at table T513/T513T – Jobs, T528/T528T – Position, and T528X – Org Unit. It will then compare it against the HRPxxxx table to find missing objects. If there are any missing objects, it will create the record.
- RHINTE30 – Transfer OM to PA. This will create infotype 0001. If the conversion strategy is to have SAP auto inherit factor to kick in for IT0001, often time jobs and org unit are missing via IT0001 during the inital conversion load. RHINTE30 will find the relationship and push it through IT0001.
How To Transport Organizational Structure
SAP deliver a really neat tool called “Manual Transport Link”. You can access it via transaction SE38 and progam name RHMOVE30.
What this program does is allowing you to capture PD/OM objects and place it in a transport you can easily release and apply to other clients / systems.
To start, let say for example you want to transport organizational structure and all positions below it. WIth that, you will start with creating 1 transport containing all O objects. Specify the O objects, all for reporting period, and add it to the transport. To specifically capture the position, specify the evaluation path in the selection paramters for it to find the position and add that to the transport.
Do some trial and error testing of this in a sandbox environment with different selection variations to see how it operate. You might find the best combination that fit your needs.
I was at a SAP implementation with the production orgranizational structure was maintained in a DEV environment during the lifecycle of the project. Using this allows you to transports exactly how production structure will look like to all your environment. Thus easily replicating conversion cycles multiple times and cutting the time out from converting OM objects.
OM – Transaction codes
PPOM – Change org Unit
PO03 – Maintain Jobs
P013 – Maintain Position
PO10 – Maintain Organizational Unit
PP01 – Maintain Plan Data (menu-guided)
PP02 – Maintain Plan Data (Open)
PP03 – Maintain Plan Data (Event-guided)
PP05 – Number Ranges
PP06 – Number Ranges Maintenance HR Data
PP07 – Tasks/Descriptions
PP69 – Choose Text for Organizational Unit
PP90 – Setup Organization
PP01 – Change Cost Center Assignment
PP02 – Display Cost Center Assignment
PP03 – Change Reporting Structure
PP04 – Display Reporting Structure
PP05 – Change Object indicators (O/S)
PP06 – Change Object indicators OS
PPOA – Display Menu Interface (with dyn.)
PPOC – Create Organizational Unit
PPOM – Maintain Organizational Plan
PPOS – Display Organizational Plan
PQ01 – Events for Work Center
PQ02 – Events for Training Program
PQ03 – Events for Job
PQ04 – Events for Business Event Type
PQ06 – Local Events
PQ07 – Resource Events
PQ08 – Events for External Person
PQ09 – Events for Business Event Group
PQ10 – Events for Organizational Unit
PQ11 – Events for Qualification
PQ12 – Resource Type Events
PQ13 – Events for Position
PQ14 – Events for Task
PQ15 – Events for Company
PSO5 – PD : Administration Tool
PSOA – Work Center Reporting
PSOC – Job Reporting
PSOG – Org Mgmt General Reporting
PSO1 – Tools Integration PA-PD
PSOO – Organizational Unit Reporting
PSOS – Position Reporting
PSOT – Task Reporting