- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- ESS and MSS security
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
ESS and MSS security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-02-2012 1:41 PM
hi all,
i have a question, which im sure isnt too difficult for me to explain,
we had a ESS/MSS solution based on OM( ORG MANAGEMENT) and now we have changed to PA( personal administration), we have also introduced a set of new Infotypes. I wanted to ask, what will be the best way of securing these new INFOTYPES? im worried becasue we changed from OM to PA how can i secure these infotypes?
any ideas, more than welcomed.
thanks
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2012 6:25 AM
Hi Kevin,
Try to use Org Key (VDSK1) field of auth object P_ORGIN to restrict your PA infotypes. Org key is an OM attribute comprising of Personnel area & Cost center which can be used to restrict access to PA data (infotypes). Your ESS role will primarily need auth object P_PERNR to render access to user's own personnel number and MSS role will require P_ORGIN/P_ORGXX.
By the way, restricting organizational structure via Structural authorization is much granular form of HCM security as per my experience so far. So I am obviously curios why would you decide to use normal authorizations instead of structural authorizations now?
Thanks
Sandipan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2012 6:25 AM
Hi Kevin,
Try to use Org Key (VDSK1) field of auth object P_ORGIN to restrict your PA infotypes. Org key is an OM attribute comprising of Personnel area & Cost center which can be used to restrict access to PA data (infotypes). Your ESS role will primarily need auth object P_PERNR to render access to user's own personnel number and MSS role will require P_ORGIN/P_ORGXX.
By the way, restricting organizational structure via Structural authorization is much granular form of HCM security as per my experience so far. So I am obviously curios why would you decide to use normal authorizations instead of structural authorizations now?
Thanks
Sandipan
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2012 10:32 AM
Hi Sandipan,
yes we are using structural authoirsations, so your suggesting for the MSS access to use P_ORGINCON? to restrict? anything else?
thanks
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-03-2012 11:56 AM
Hi Kevin,
Yes for restricting PA data/infotypes, you will need to use P_ORGINCON & P_ORGXXCON. I understand you are using context sensitive structural authorization model, so the structural profile you create for MSS will further restrict the access within Org. structure (OM objects). In case you would want to exclude a manager from maintaining/displaying his own PA infotypes, then P_PERNR has to be added to the role.
Hope this explains.
Thanks
Sandipan
- SAP Managed Tags:
- Security
