Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Custom transaction for SE16

Former Member

‎03-25-2015 3:37 PM

0 Kudos

Hi Gurus,

We have a requirement werein a custom transaction needs to be created for giving access to SE16 (HCM system)

If a backend expert user belongs to UK, the Z*SE16 transaction should provide him access to only UK data only.

I understand that S_TABU_DIS can control access based on authorization groups but not based on area(PERSA).

Can this be done via authorization setup or a custom program should be written for the same?

Request your suggestion & ideas.

Thanks,

Nivin

4 REPLIES 4

jurjen_heeck
Active Contributor

‎03-25-2015 8:03 PM

0 Kudos

Hi Nivin,

I suggest a search on the S_TABU_LIN object but first make absolutely sure none of the standard HCM reports fulfil your need. Direct table access is almost never needed for HR data.


Jurjen

Former Member

‎03-26-2015 4:41 AM

0 Kudos

Hi Nivin,

Could you say, how will you ensure that all tables viewed hrough ZSE16 will tables viewed have Personal area as column/field. There are tables which do not have personal area as field. So, how will you restrict those table.

However, for all other tables, which have personal area, S_TABU_LIN can provide you the retriction.

Regards

Plaban

pmuschick
Participant

‎03-26-2015 8:39 AM

0 Kudos

SE16 is never recommendable in HCM for standard end users. Use SAP Ad-hoc queries instead to work in the reporting database with all authorization checks you may require (like PERSA).

http://scn.sap.com/thread/3695616



It is not recommended to work with S_TABU_LIN and direct table access, although it is common in HR departments. I had to once and they worked out a logic based on the ranges for personnel numbers. That is the only approach you could to do line based authorization on HR tables. However this is not really straight forward. I would recommend you to work with a logical database and sap ad-hoc queries. You would have to rethink all tables access and get rid of it. You can assign query authorizations without the critical S_QUERY auth. via binding it to a role. (have to search for a link, but this works). Authorizations will then be checked via P_ORGIN and the other auth. objects. This should be ok for an auditor...

Former Member

‎03-30-2015 7:56 AM

0 Kudos

Hi Nivin,

did you ever rear about transaction variants (TC SHD0)? In this report you are able to restrict access in transaction code fields. You will be able to disable fields and/or to triage fields.

Best regards

Julian