Can we restrict HR users from viewing the data for their Peers?

Former Member
0 Kudos

Hello,

We use SAP for HR, Benefits, Payroll and (ESS) Employee Self Services. We limit the users in ESS to their own data using P_PERNR.

I've recently been asked if we can secure and restrict users from viewing/maintaining data for Peers?

Does anyone have any experience or documentation for limiting a users access to exclude their Peers?

Thanks in advance for any suggestions.

Penny

1 ACCEPTED SOLUTION

Hank
Explorer
0 Kudos

By using a combination of p_orgin (N/A) and p_pernr (infotype 0008) and ( I ), if we are talking about not seeing peers pay.

Sapsec-HB
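To make the accepted answer concrete, here is an added illustration (not SAP code and not from the original thread) that models how P_ORGIN and P_PERNR combine for a Basic Pay (infotype 0008) record. It assumes a simplified evaluation order: for the user's own personnel number, a P_PERNR entry with PSIGN "I" or "E" decides; for everyone else, only structural P_ORGIN grants apply. The setup Hank describes is P_ORGIN granting nothing for 0008 and P_PERNR granting 0008 with "I".

```python
"""Simplified model of SAP HR authorization objects P_PERNR and P_ORGIN.
Added illustration: the evaluation order below is an assumption, not the
exact logic of the SAP authorization main switch."""

from dataclasses import dataclass, field


@dataclass
class User:
    pernr: str                         # the user's own personnel number
    # P_ORGIN grants: (infotype, activity) -> set of personnel areas (PERSA)
    p_orgin: dict = field(default_factory=dict)
    # P_PERNR grants: (infotype, activity) -> PSIGN, 'I' (include own) or 'E' (exclude own)
    p_pernr: dict = field(default_factory=dict)


@dataclass
class Record:
    pernr: str      # personnel number the record belongs to
    infotype: str   # '0008' Basic Pay, '0002' Personal Data, ...
    persa: str      # personnel area the employee sits in


def authorized(user: User, rec: Record, activity: str = "R") -> bool:
    """Return True if the user may perform `activity` on the record."""
    key = (rec.infotype, activity)
    if rec.pernr == user.pernr and key in user.p_pernr:
        # Own record with an explicit P_PERNR entry: PSIGN decides.
        return user.p_pernr[key] == "I"
    # Everyone else (and own record without P_PERNR entry): P_ORGIN decides.
    return rec.persa in user.p_orgin.get(key, set())


# Constructed sample: Penny and a peer in the same personnel area 'US01'.
PENNY = User(
    pernr="1001",
    p_orgin={("0002", "R"): {"US01"}},      # may read Personal Data in US01
    p_pernr={("0008", "R"): "I"},           # may read own Basic Pay only
)
OWN_PAY = Record("1001", "0008", "US01")
PEER_PAY = Record("1002", "0008", "US01")
PEER_PERSONAL = Record("1002", "0002", "US01")

# Weaker variant: P_ORGIN also grants 0008 for the whole area, so peers' pay leaks.
PENNY_TOO_BROAD = User(
    pernr="1001",
    p_orgin={("0002", "R"): {"US01"}, ("0008", "R"): {"US01"}},
    p_pernr={("0008", "R"): "I"},
)
```

Under Hank's setup Penny reads her own pay and peers' personal data but not peers' pay; the broader P_ORGIN grant is what exposes the whole area's pay.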

5 REPLIES 5


Former Member
0 Kudos

Thank you for the response. I am pretty familiar with P_ORGIN and P_PERNR objects and I guess I need HR to define Peers. I believe they want users to be able to view and maintain 'some' people's pay, but not someone in their department?

I'll get clarification before seeing further information.

Thank you.

Penny

Former Member
0 Kudos

> I've recently been asked if we can secure and restrict users from viewing/maintaining data for Peers?

Are you referring specifically to the PA Department?

If there is no valid reason to view anything, use p_pernr for themselves.

Perhaps you could explain your question more clearly?

Cheers,

Julius

Former Member
0 Kudos

When asking HR folks for more specific information on their request, they stated that this is not a concern at this time and I need not spend any more time on this.

Thank you all who participated. I'll be more thorough next time.

0 Kudos

Perhaps this was a precursor in the direction of SoDOff (Segregation of Department Offices)?

I guess they realized that they would need an organizational restructuring to make this possible...

My recommendation would be to look for compensating controls. There are many tools for this in HR, and you don't need to paralyze your processes to be compliant with some potential risks.

Generally, if you make your processes very efficient and also largely automated, then the possibility for human intervention (and their access) can be restricted further as well at the application layer (if the user is restricted to that).

A good example is provisioning of data, in the stead of manually entering it.

Cheers,

Julius

Edited by: Julius Bussche on Jul 21, 2009 11:16 PM