SAP HR Security for basis without basic salary inf...

indu_basera · ‎09-21-2011

Experts...

We have a scenario where we have to provide authorization to a HR ADMIN, so that he/she can view all the details of all employee exists in company except the view access of BASIS PAY(0008) for few higher positions.

HR Admin should view & perform action on other details of those higher positions.

Any suggestion How we can acheive this security requirement ?

Thanks in advance

Indu

Edited by: Julius Bussche on Oct 13, 2011 7:03 PM

Please read the forum rules about "asap" and using meaningful subject titles...

Also you must perform a basic search yourself before launching a question...

Former Member · ‎09-21-2011

Hi Indu,

You have a concept in HR called as Structural authorization using which you can restrict the authorization to InfoType 0008. However, you need to have the organization structure defined to restrict access at a specific level. How well your Organization structure is maintained??

Regards,

Raghu

Former Member · ‎09-21-2011

Hi Raghu

If we already have structural authorization then how it would help us to restrict few employees data only?

Scenario is :

There is one team to be able to

1. View all employees data including Sr Management

2. But should view only few infotypes data such as IT0008(basic Pay) of few people not SR management data

General authorizations and structural authorizations combination can restrict the any HR data in the roles in such a way they can able to see few employee which are allowed using PD profiles.

But using the same roles to be restricted to get view to some employees data but not few employees

How?

Edited by: Hari Krishna Prasad kantipudi on Sep 21, 2011 3:57 PM

Former Member · ‎09-22-2011

I can see two options:

1. Playing around with General Authorisations

Does senior management have anything in infotype 0001 which could be used to differentiate them from others? If senior management has own employee subgroup it would be easy to do even using P_ORGIN object. However I assume that is not the case? Another option would be to to use somehow organisational key field or administrator fields and P_ORGXX object. If there is a field in infotype 0001 what differentiates senior management from others but it is not used in either P_ORGIN or P_ORGXX then it is possible to create the [customer-specific object|http://help.sap.com/erp2005_ehp_02/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm]

2. Context solution

Context solution allows to link general authorisations to structural authorisations. P_ORGIN will become P_ORGINCON etc. New field PROFL will link the infotype access to specific structural authorisation. This option requires little bit more planning but it's worth the effort. More about Context Solution in [help.sap.com|http://help.sap.com/erp2005_ehp_02/helpdata/en/7f/1a7d3c8015d10ee10000000a11405a/frameset.htm]

Former Member · ‎10-13-2011

Hi

One more easy appoach.

1. Assign the personnel adminstrator for the Higher Management in IT0001

2. Create 2 role using the object P_ORGXX for the IT0008

-- HR personnel admins could be *

-- for others it could be all personnel admin execpt Higher management admistrotor

(Structural authorization can be added if you wanted to have only based on OM Structure)

Best Regards

Vikas

Former Member · ‎10-13-2011

I would go with Vikas's approach!!

indu_basera · ‎09-21-2011

Yes Raghu,

Hari correctly added to my query ...

Regards,

Indu

SAP HR Security for basis without basic salary info type