06-23-2009 3:27 AM
Hi HR Folks,
I had created ESS role with combination of services added in menu and infotypes added in authorization tab but employees was able to see his/her data along with others data so how to restrict the employee so that he/she can see only his/ her data.
Thx,
Lisa pl
06-23-2009 9:47 AM
Hi,
In case of ESS roles we need to use p_pernr authorization object only without using p_orgin. In MSS role both are needed for active control. Users who are not administrators should not be granted p_orgin by restricting them from HR master data. Below is the design details for ESS.
Every employee who uses the SAP Employee Self-Service is granted the following two authorizations for the P_PERNR authorization object:
AUTHC = R, M
PSIGN = I
INFTY = *
SUBTY = *
and
AUTHC = *
PSIGN = I
INFTY = 0006
SUBTY = *
Please let me know if any issue.
Regards
Aveek.
06-23-2009 4:39 AM
Hi Lisa,
Check your ESS role for authorization object P_PERNR, it should have the R,W for the infotypes with PSIGN field value as "I".
Refer to documentation about P_PERNR
http://help.sap.com/erp2005_ehp_02/helpdata/en/94/b8b83b5b831f3be10000000a114084/content.htm
Also, check the process flow for the authorization check by personnel number.
Cheers !!
Zaheer
06-23-2009 9:47 AM
Hi,
In case of ESS roles we need to use p_pernr authorization object only without using p_orgin. In MSS role both are needed for active control. Users who are not administrators should not be granted p_orgin by restricting them from HR master data. Below is the design details for ESS.
Every employee who uses the SAP Employee Self-Service is granted the following two authorizations for the P_PERNR authorization object:
AUTHC = R, M
PSIGN = I
INFTY = *
SUBTY = *
and
AUTHC = *
PSIGN = I
INFTY = 0006
SUBTY = *
Please let me know if any issue.
Regards
Aveek.
06-23-2009 10:05 AM
Hi
You also might want to check that you haven't included the P_ORGIN object in any other of the roles that's assigned to your ESS User.
If that's the case, access will be granted to all the employee's/infotypes included in this role, no mather how your ESS role is created.
Regards
Morten Nielsen