Authorization issue with access to HR data not bei...

Former Member · ‎01-05-2015

Hi Experts,

We have one HR authorization profile created for all the users and its mandatory for every user, when we are assigning this profile to the users all the users are able to see the salary data in the system, so client asking to restrict this data(read & write). when we are trying to restrict at the infotype level the Authorization profile overwriting it and restriction at infotype level is not working.

Please suggest me which way we can do this

Thanks,

VS

Message was edited by: Julius von dem Bussche Subject title improved...

abdul_hafeez4 · ‎01-05-2015

This message was moderated.

Colleen · ‎01-06-2015

Hi Sree


when we are trying to restrict at the infotype level the Authorization profile overwriting it and restriction at infotype level is not working

What do you mean by overwriting? What did you restrict?

1 profile only for all users - sounds like there might be a bit too much access. Was this profile meant to be for ESS access?

Regards

Colleen

Former Member · ‎01-06-2015

At the top of the list of suspects is always object P_ABAP. What values (if any) have you given there?

Also, which transaction are they using to display salaries? (perhaps you are expecting SE16 to work with HR authorizations - it won't...).

Cheers,

Julius

pmuschick · ‎01-06-2015

Please give as us more details on:

The profile itself (how it is configured)
The authorization objects in the roles (P_ORGIN and so on)
Which authorization objects are activated (HRAUTH export)
The roles, objects, profiles, and if index was activated (HRAUTH export)

There are several common problems with this. Not activated authorization objects are simple cause but it can be more complex. Only details about how the system tests authorizations usually lead us to a solution.

Authorization issue with access to HR data not being blocked