Regarding Time Logic in HR Security

Former Member · ‎12-30-2008

Hi,

Sometimes as per the time logic in HR security, users can access( read, as well as write ) the data records( of an infotype ), which do not fall under any of the periods of responsibility of the user.

Can someone let me know the logic behind this?

Thanks a lot in advance.

And wish you & your family a very happy & prosperous new year.:-)

Regards,

Sachhidanand

Former Member · ‎12-30-2008

Can you elaborate your query, this will make it easier for all to respond to

Cheers !!

Zaheer

Former Member · ‎12-30-2008

Hi Zaheer,

Period of Responsibility:- Suppose a personnel administrator can access( read, as well as write ) IT0008 of persons belonging to personnel area 0001. Now consider a person having following IT0001 records.

Record No. Personnel Area Start Date End Date

1 0001 1/1/2006 31/12/2006

2 0002 1/1/2007 31/12/2007

3 0001 1/1/2008 31/12/2008

Now we can say, 1st & 3rd record falls under the period of responsibility of the administrator.

Tolerance Time:- Suppose the personnel administrator( in the above example ) can access the IT0008 records till 15/1/2007, then we can say the tolerance time is 15 days. Transition related formalities is the main purpose behind the tolerance time.

Time Logic for Read Access:- The tolerance time and the end date of the period of responsibility are determined.

1. If the current date (SY-DATUM) does not lie further than the tolerance time

past the end date of the period of responsibility, the period 01/01/1800 to

12/31/9999 is set as the new period of responsibility.

2. If the current date lies further than the tolerance time past the end date of

the period of responsibility, the period 01/01/1800 to the end date of the old

period of responsibility is set as the new period of responsibility.

Finally, the check establishes whether the validity period BEGDA to ENDDA of

the infotype intersects fully with the newly defined period of responsibility, that is,

whether at least one day lies in both periods.

a) If the intersection is not empty, the time logic check returns “authorized”.

b) If the intersection is empty, the time logic check returns “not authorized”.

Time Logic for Write Access:- If the first day of the period of responsibility

concurs with the first day of the organizational assignment (BEGDA of the first

infotype record of infotype 0001, normally the date of the initial setting), the

period of responsibility is extended to begin on January 1, 1800. This is necessary

to ensure that users can access dates that are before the initial setting (for example,

infotype 0002).

If the current date is within the period of responsibility or is not after the end of a

responsibility interval by more than the tolerance time, the period January 1, 1800

to December 31, 9999 is set as the new period of responsibility.

If the current date is outside a responsibility interval and by more than the

tolerance time after the end of each responsibility period, all responsibility

intervals that are before the current date are deleted.

The check establishes whether the validity period BEGDA - ENDDA of

the infotype to be written is completely within the newly defined period of

responsibility:

1. If the validity period is within the period of responsibility, the time logic

check returns “authorized”.

2. If the validity period is not within the period of responsibility, the time logic

check returns “not authorized” and terminates.

We can see, sometimes as per the time logic, users can access( read, as well as write ) the infotype records not falling under any of their periods of responsibility. And I want to know the logic/purpose behind this.

If you know any of these( explained above ) things already, then please don't think, I doubt about your knowledge. I have just tried to make my question more clear.

Thanks.

Regards,

Sachhidanand