How to Restrict Specific Employees Master Data for...

Former Member · ‎07-30-2013

My Requirement is this i would like to restrict top level Management Employees Master Data for Specific User .Could you please help me out how to restrict this master data ?

Former Member · ‎08-01-2013

From practical experience:

1) If there is a possibility to group them together use P_ORGIN fields:

PERSA Personnel Area

PERSG Employee Group

PERSK Employee Subgroup

2) If not use:

VDSK1 Organizational Key

here is some description how to configure automatic update:
http://help.sap.com/saphelp_erp60_sp/helpdata/en/17/4bba3b3bf00152e10000000a114084/content.htm

if you won't be possible to group them using this the last option is to use customer exit that will use some special rules in PA30 PAI event by function module EXIT_SAPFP50M_002.

And the last thing: remeber to update all historical records in IT0001 (and lock payroll), otherwise they will remain visible still.

regards,

Bartek

paul_davidson · ‎07-31-2013

Hi Tasneem,

As mentioned above, the authorization object P_ORGIN (or P_ORGINCON) will solve your problem, but first there has to be a way to identify and separate out the top level management employees. Employee Group or Employee Subgroup would be best - Example: Employee Subgroup 01 = Officers, 02 = Vice Presidents, 03 = Directors, 04 = Managers/Supervisors, 05 = Other Salaried Employees. With P_ORGIN and this breakdown you can easily create roles and assign them to certain people who could access salaried employees and managers, but not directors and above. Or others who could access to the director level, but not VP's and Officers.

So yes, please use P_ORGIN, but you must make sure you can separate out the individuals you want the users to have access to vs. those they should not be able to acccess.

Paul

Former Member · ‎07-30-2013

Hi,

For IT0008 restriction, you can make use of authorization object P_ORGIN.

1. Payroll Area as a Security check. The field 'payroll area' is not part of the authority check in HR.

- Via the authorization 'HR: master data' you can check the field 'Organisational key'. This field can be filled with the feature VDSK1 and the tables T527, T527A and T5720 (please also have a look at the documentation of feature VDSK1). In the organisational key you could implement a check for the payroll area.

2. All Infotypes but IT0008. As for the other requirement of IT0008 restriction, you can make use of

authorization object P_ORGIN.

Authorization level *

Infotype 0000-0007, 0009-9999

Personnel Area *

Employee Group *

Employee Subgroup *

Subtype *

Organizational Key *

So this gives access to all infotypes expect 0008...

To restrict the access the tcode PA20 or all access to master data you should create a role that will check the authorizations for these infotypes. Note 902000 -Analyzing HR authorizations, contains a documentation related to HR authorizations. Here you will find a several documents related

to this topic.

Regards,

rajasekhar_reddy3 · ‎07-30-2013

Hi,

If it is PA master data you can use authorization object P_ORGIN you can restrict based infotypes ,employee groups & subgroups , Personnel area and subtypes.

For OM you can use authorization object PLOG.

Regards,

Raja Sekhar

How to Restrict Specific Employees Master Data for Specific User in HCM

Accepted Solutions (0)

Answers (4)

Answers (4)

Re: Production Schedule Gantt Chart

Re: Sales analysis report query

Link TaxGL with book GL

Re: Use of Sequence into SAP B1 / SAP Business One

Re: sap MM