05-29-2015 9:38 AM
Dear All,
We have 2 roles, one is a Manager Role which is based on structural authorization but have access to PA * and another role HR Admin which is specific to each Personnel Area.
Problem is whenever one User is assigned both the roles then he is able to see data of not only his subordinates but data of other users also belonging to different PA.
Please advice.
Regards
Susmita
06-02-2015 11:40 AM
Hi Susmita,
This makes perfect sense in SAP HR as it will just combine the PA authorizations from both roles and combine the structural authorizations granted for both roles. The end result is that the user will have access to all PA (PA * from the Manager role) and structural authorization for all Persons (from the HR admin role).
If you want the PA * authorization of the manager to only apply to his subordinates, you will need to switch to context sensitive authorizations (eg P_ORGINCON). There's a whole chapter on it in the HR940 course (as well as plenty of info online) that will help you in setting this up.
Best regards,
Brent