Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HR restrictions required across personnel areas w/o structureal auths

Go to solution
Former Member

‎03-15-2011 7:37 PM

0 Kudos

The business has the need to restrict their HR users to a select population of users. Example, we need to be able to exclude the Executive population. The executive population is across multiple organizations (personnel areas) and we cannot use the employee subtgroup field to restrict on (04) for Executives because not we have some ISA's that we have coded US-ISAs so they are not reflected in the master data as (04). We have not implemented structural authorizations but I need to know if there is a means to restricting (PA20 - display of master data) on groups of associates without structural authorizations??

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎03-15-2011 8:02 PM

0 Kudos

Hi,

From my clients implementations so far, I have seen two approaches to restrict access to executive's PA data in PA20:

1. Based on organizational key which can be restricted at role level via auth objects- P_ORGIN

2. Implementing custom exit/BADI in the PA20 program or implement customer specific auth object [P_NNNNN|http://help.sap.com/saphelp_470/helpdata/en/4e/74ba3bd14a6a6ae10000000a114084/content.htm] to additionally check authorization for a custom auth object while executing PA20 which restricts access for specific range of personnel numbers that belong to the executives.

In short, either organization key (i.e personnel area + cost center) or personnel number of executives should fall within a reserved number range which can be used to restrict the access to their PA data.

Thanks

Sandipan

2 REPLIES 2

Go to solution
Former Member

‎03-15-2011 8:02 PM

0 Kudos

Hi,

From my clients implementations so far, I have seen two approaches to restrict access to executive's PA data in PA20:

1. Based on organizational key which can be restricted at role level via auth objects- P_ORGIN

2. Implementing custom exit/BADI in the PA20 program or implement customer specific auth object [P_NNNNN|http://help.sap.com/saphelp_470/helpdata/en/4e/74ba3bd14a6a6ae10000000a114084/content.htm] to additionally check authorization for a custom auth object while executing PA20 which restricts access for specific range of personnel numbers that belong to the executives.

In short, either organization key (i.e personnel area + cost center) or personnel number of executives should fall within a reserved number range which can be used to restrict the access to their PA data.

Thanks

Sandipan

Go to solution
Former Member
In response to Former Member

‎03-22-2011 8:23 PM

0 Kudos

Our Company does use the orgkey (VDSK1) field in P_ORGIN to restrict access to our plant users. We tried to use this field by configuring our Executive population master data to = EXEC. This method was helpful in restricting all general HR users from access to anyone that is coded with EXEC. The method did not work when we tried to design new roles to grant access to EXECs by Functional areas (which span across multiple personnel areas) in combination with assignment of the MSS User role, which has P_ORGIN values for personnel area = * and orgkey field value = *.

Our Executive population does not fall within a reserved number range so option #2 is not a viable solution either.