Skip to Content
avatar image
Former Member

Authorization issue with access to HR data not being blocked

Hi Experts,

We have one HR authorization profile created for all the users and its mandatory for every user, when we are assigning this profile to the users all the users are able to see the salary data in the system, so client asking to restrict this data(read & write). when we are trying to restrict at the infotype level the Authorization profile overwriting it and restriction at infotype level is not working.

Please suggest me which way we can do this

Thanks,

VS

Message was edited by: Julius von dem Bussche Subject title improved...

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • avatar image
    Former Member
    Jan 06, 2015 at 11:24 AM

    At the top of the list of suspects is always object P_ABAP. What values (if any) have you given there?

    Also, which transaction are they using to display salaries? (perhaps you are expecting SE16 to work with HR authorizations - it won't...).

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 05, 2015 at 11:54 AM

    This message was moderated.

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 06, 2015 at 11:20 AM

    Hi Sree

    when we are trying to restrict at the infotype level the Authorization profile overwriting it and restriction at infotype level is not working


    What do you mean by overwriting? What did you restrict?


    1 profile only for all users - sounds like there might be a bit too much access. Was this profile meant to be for ESS access?


    Regards

    Colleen

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 06, 2015 at 12:50 PM

    Please give as us more details on:

    • The profile itself (how it is configured)
    • The authorization objects in the roles (P_ORGIN and so on)
    • Which authorization objects are activated (HRAUTH export)
    • The roles, objects, profiles, and if index was activated (HRAUTH export)

    There are several common problems with this. Not activated authorization objects are simple cause but it can be more complex. Only details about how the system tests authorizations usually lead us to a solution.

    Add comment
    10|10000 characters needed characters exceeded