Authorization objects enable complex checks of an authorization, which allows a user to carry out a particular transaction in SAP. An authorization object can group a maximum of ten authorization fields that are checked in an AND relationship.
LIST OF IMPORTANT SAP HR AUTHORIZATON OBJECTS
P_PERNR (user’s own HR master data check)
- Defines what HR master data (in the PA module) users can access about themselves, as well as the level of access (read, write, etc.)
PLOG (personnel planning check)
- Defines what objects within Organizational Management (OM), Training and Event Management (PE), and Personnel
- Development (PA-PD) modules a user can access (e.g., infotype, plan version, object type, etc.)
P_HAP_DOC (appraisal documents)
- Defines access to appraisal documents (e.g., appraisal template ID, level of access, etc.)
- Specific to the new Performance Management functionality (Objective Setting and Appraisals [OSA])
P_ORGINCON (Context-sensitive HR master data check)
- Same as above P_ORGIN, but can be used in conjunction with structural authorization
P_ORGIN (HR master data check)
- Defines what HR master data (in the Personnel Administration [PA] module) users can access (infotype, personnel area, employee group, subgroup) as well as the level of access (read, write, etc.)
S_TCODE and P_TCODE (Transaction checks)
- Define which transactions users can start
P_TCODE specific for HR (provides an additional level of security)
- With authorization object, P_TCODE, enables you to check whether a user is authorized to start the different HR transactions.
- This authorization object contains the HR transaction codes without their own authorization object
P_PCLX (HR: Clusters)
- Area identifiers for clusters (T52RELID values) & Auth level (R, U, S)