HR Authorizations - Backend v/s ESS

Former Member · ‎11-06-2010

We have some HR users/Business Team what have full authorizations to read, write, modify delete Infotypes. This is via PA30/backend. Due to compliance, we have set up authorizations such that these users cannot create/modify/change/delete their own data. We also have ESS. Now with ESS, some of the infotypes need to be modified/created/changed/deleted etc.

Based on our current set up, when these users try to update an Infotype data for themselves via ESS, they get an authorization issue. Looks like we can have either of the two - have ESS access to update infotype XXXX for oneself or have a backend access to update the same infotype XXXX for all employees except oneself..

Not sure if there is any workaround for this, just wanted to post it on the forum and see if anyone has experienced this before.

Thanks,

Former Member · ‎12-07-2010

Only workaround I can think of is using a system type generic user id at backend system (linked with the ESS) to update any infotype for oneself in the backend HR system via ESS Portal.

But you have to check with your company's compliance policies regarding updation of infotype via a generic backend id. Portal program can be customized with such logic where a user is authenticated into ESS based on his own login credentials and once logged in, any update to infotypes for oneself via ESS is achieved based on authorization of the generic backend id.

And at backend you can restrict user's access to those infotype for himself by using object P_PERNR (P_SIGN= E)

Thanks!

Sandipan

Former Member · ‎12-07-2010

Did you restrict user for modification of their own data completely? You may want to fine tune in a way that user would able to modify infotype which you allow via ESS. For example restrict 008 but not personal data maintain function.