on 07-30-2013 10:51 AM
My requirement is this: I would like to restrict top-level management employees' master data for a specific user. Could you please help me out with how to restrict this master data?
From practical experience:
1) If there is a possibility to group them together use P_ORGIN fields:
PERSA Personnel Area
PERSG Employee Group
PERSK Employee Subgroup
2) If not use:
VDSK1 Organizational Key
Here is some description of how to configure automatic update:
http://help.sap.com/saphelp_erp60_sp/helpdata/en/17/4bba3b3bf00152e10000000a114084/content.htm
If it isn't possible to group them using this, the last option is to use a customer exit that will use some special rules in the PA30 PAI event via function module EXIT_SAPFP50M_002.
And the last thing: remember to update all historical records in IT0001 (and lock payroll), otherwise they will still remain visible.
regards,
Bartek
Hi Tasneem,
As mentioned above, the authorization object P_ORGIN (or P_ORGINCON) will solve your problem, but first there has to be a way to identify and separate out the top level management employees. Employee Group or Employee Subgroup would be best - Example: Employee Subgroup 01 = Officers, 02 = Vice Presidents, 03 = Directors, 04 = Managers/Supervisors, 05 = Other Salaried Employees. With P_ORGIN and this breakdown you can easily create roles and assign them to certain people who could access salaried employees and managers, but not directors and above. Or others who could have access to the director level, but not VP's and Officers.
So yes, please use P_ORGIN, but you must make sure you can separate out the individuals you want the users to have access to vs. those they should not be able to access.
Paul
Hi,
For IT0008 restriction, you can make use of authorization object P_ORGIN.
1. Payroll Area as a Security check. The field 'payroll area' is not part of the authority check in HR.
- Via the authorization 'HR: master data' you can check the field 'Organisational key'. This field can be filled with the feature VDSK1 and the tables T527, T527A and T5720 (please also have a look at the documentation of feature VDSK1). In the organisational key you could implement a check for the payroll area.
2. All Infotypes but IT0008. As for the other requirement of IT0008 restriction, you can make use of authorization object P_ORGIN.
Authorization level *
Infotype 0000-0007, 0009-9999
Personnel Area *
Employee Group *
Employee Subgroup *
Subtype *
Organizational Key *
So this gives access to all infotypes except 0008...
To restrict access to the tcode PA20, or all access to master data, you should create a role that will check the authorizations for these infotypes. Note 902000 - Analyzing HR authorizations contains documentation related to HR authorizations. Here you will find several documents related to this topic.
Regards,
Hi,
If it is PA master data, you can use authorization object P_ORGIN; you can restrict based on infotypes, employee groups & subgroups, personnel area and subtypes.
For OM you can use authorization object PLOG.
Regards,
Raja Sekhar
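A simplified model of the P_ORGIN restriction described in the answers above, as an added example that is not part of the original thread and not SAP's implementation. It assumes `*` means any value and `lo-hi` an inclusive range; the role, the `can_read` and `org` helpers and all sample values are constructed. It combines the subgroup tiers, the infotype range that skips 0008, and the historical IT0001 caveat.

```python
# Simplified offline model of a P_ORGIN check (an assumption, not SAP's code).
# "*" = any value, "lo-hi" = inclusive range, anything else = exact match.
FIELDS = ("INFTY", "SUBTY", "AUTHC", "PERSA", "PERSG", "PERSK", "VDSK1")
ANY = ("*",)

def value_matches(allowed, actual):
    if allowed == "*":
        return True
    if "-" in allowed:
        lo, hi = allowed.split("-", 1)
        return lo <= actual <= hi  # fixed-width codes sort lexicographically
    return allowed == actual

def is_allowed(role, req):
    """One authorization in the role must cover every field; a missing field denies."""
    return any(
        all(any(value_matches(a, req[f]) for a in auth.get(f, ())) for f in FIELDS)
        for auth in role
    )

# Constructed role: read-only, subgroups 04-05 only, every infotype except 0008.
ROLE = [{
    "INFTY": ("0000-0007", "0009-9999"), "SUBTY": ANY, "AUTHC": ("R",),
    "PERSA": ANY, "PERSG": ANY, "PERSK": ("04-05",), "VDSK1": ANY,
}]

def can_read(role, infty, it0001_records):
    """Model of the thread's caveat: any IT0001 record, current or historical,
    that falls inside the role's scope keeps the employee visible."""
    return any(
        is_allowed(role, {"INFTY": infty, "SUBTY": "", "AUTHC": "R", **rec})
        for rec in it0001_records
    )

def org(persk, persa="1000", persg="1", vdsk1=""):
    """Constructed IT0001 organizational assignment (sample values)."""
    return {"PERSA": persa, "PERSG": persg, "PERSK": persk, "VDSK1": vdsk1}

if __name__ == "__main__":
    manager = [org("04")]
    director = [org("03")]
    promoted = [org("04"), org("03")]        # history not yet cleaned up
    print(can_read(ROLE, "0002", manager))   # True
    print(can_read(ROLE, "0008", manager))   # False: IT0008 excluded
    print(can_read(ROLE, "0002", director))  # False: subgroup 03 out of scope
    print(can_read(ROLE, "0002", promoted))  # True: old subgroup 04 record remains
```

Running the same checks against an export of real role values before transport shows which employees a role would expose, including those who only match through an old IT0001 record.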