03-25-2015 3:37 PM
Hi Gurus,
We have a requirement werein a custom transaction needs to be created for giving access to SE16 (HCM system)
If a backend expert user belongs to UK, the Z*SE16 transaction should provide him access to only UK data only.
I understand that S_TABU_DIS can control access based on authorization groups but not based on area(PERSA).
Can this be done via authorization setup or a custom program should be written for the same?
Request your suggestion & ideas.
Thanks,
Nivin
03-25-2015 8:03 PM
Hi Nivin,
I suggest a search on the S_TABU_LIN object but first make absolutely sure none of the standard HCM reports fulfil your need. Direct table access is almost never needed for HR data.
Jurjen
03-26-2015 4:41 AM
Hi Nivin,
Could you say, how will you ensure that all tables viewed hrough ZSE16 will tables viewed have Personal area as column/field. There are tables which do not have personal area as field. So, how will you restrict those table.
However, for all other tables, which have personal area, S_TABU_LIN can provide you the retriction.
Regards
Plaban
03-26-2015 8:39 AM
SE16 is never recommendable in HCM for standard end users. Use SAP Ad-hoc queries instead to work in the reporting database with all authorization checks you may require (like PERSA).
http://scn.sap.com/thread/3695616
It is not recommended to work with S_TABU_LIN and direct table access, although it is common in HR departments. I had to once and they worked out a logic based on the ranges for personnel numbers. That is the only approach you could to do line based authorization on HR tables. However this is not really straight forward. I would recommend you to work with a logical database and sap ad-hoc queries. You would have to rethink all tables access and get rid of it. You can assign query authorizations without the critical S_QUERY auth. via binding it to a role. (have to search for a link, but this works). Authorizations will then be checked via P_ORGIN and the other auth. objects. This should be ok for an auditor...
03-30-2015 7:56 AM
Hi Nivin,
did you ever rear about transaction variants (TC SHD0)? In this report you are able to restrict access in transaction code fields. You will be able to disable fields and/or to triage fields.
Best regards
Julian