as part of our authorization concept, we are using the field PERSG in authorization object P_ORGIN (and P_ORGINCON) to determine whether a user has access to the infotypes of a given employee.
In the current example, the user may access employees with a personnel group (PERSG) '1' - '9', but not 'M', because our PERSG 'M' stands for 'manager', so his P_ORGIN and P_ORGINCON are restricted to PERSG BETWEEN '1' AND '9'. Basically, this works nicely.
However, there are cases in which an employee is promoted to manager level. His former PERSG in infotype 0001 is '1', but beginning from a certain date, his PERSG changes to 'M'. The autorization system now lets the user still see the former periods of time of this employee during which his PERSG was still '1', even though now he is 'M'. I understand that this is correct system behavior as SAP designed it. However, in our case it is undesired by the management. Once an employee has been promoted to PERSG 'M', none of his infotype periods should be visible to any user who does not have the 'M' authorization level.
Is there a way to achieve this?