
how to secure HR master data

Former Member
0 Kudos

Hello security experts.

I have to assign PA30 to a user to maintain users' contact info in SAP, but this gives access to all the HR data, i.e. pay, benefits and everything else. Any idea how I can restrict this? Your comments will be appreciated.

4 REPLIES 4

Former Member
0 Kudos

Hi,

When you assign the tcode PA30, an authorization object P_ORGIN will be generated. You can restrict the access of other HR data by restricting the infotype field. For example, the infotype for communication is 105. In conclusion, you could restrict the access of the HR data by maintaining the P_ORGIN object.

Hope this helps.

Regards,

Elaini

0 Kudos

I suggest looking at some of the SAP help documentation on how HR can be secured (via auth objects and structural authorizations).

http://help.sap.com/erp2005_ehp_02/helpdata/en/5c/73ba3bd14a6a6ae10000000a114084/frameset.htm

Mainly, the infotype field is used to secure the type of data a user has access to. I suggest working with a business process owner to determine which HR roles can view/update the specific infotypes. i.e. 0008 and 0009 should be restricted to payroll only, plus there are some others like that.

Former Member
0 Kudos

Hi Novice,

Please go through the following link. It is an excellent material on how to secure HR Master data by using the different HR authorization objects.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d9c4230a-0a01-0010-31be-9213b185...

Regards,

Kiran.

former_member74904
Contributor
0 Kudos

Hi novice,

I assume that you need this access for users to maintain their own contact info? In that case, P_PERNR is the easiest way to realize this. If the users that are assigned Tcode PA30 need to maintain the contact info for different users, P_ORGIN is the way to go, as the people before me have said already.

Definitely have a good look at the documentation links above, for granting access to HR master data can potentially get you in a lot of trouble.
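
The replies above rely on the infotype field of P_ORGIN to keep a contact-maintenance role away from pay data. As an added example (not part of the original thread and not SAP code), this Python check reviews P_ORGIN values for a role and reports any INFTY entry that still covers infotypes 0008 or 0009. It assumes the role's values have been exported into dictionaries; the role names, the data and the `low-high` range notation are constructed for illustration.

```python
# Added example: review P_ORGIN values for exposure of payroll infotypes.
# INFTY and AUTHC are P_ORGIN fields; everything in SAMPLE_ROLE is constructed.

SENSITIVE = ("0008", "0009")  # named in the thread as payroll-only


def _norm(infotype):
    """Zero-pad an infotype number to four digits ('105' -> '0105')."""
    return infotype.strip().zfill(4)


def infty_matches(value, infotype):
    """True if one INFTY value ('*', '0105', '00*', '0006-0009') covers infotype."""
    value, infotype = value.strip(), _norm(infotype)
    if value == "*":
        return True                       # full wildcard: every infotype
    if "-" in value:                      # assumed export notation for a range
        low, high = (_norm(v) for v in value.split("-", 1))
        return low <= infotype <= high
    if value.endswith("*"):               # prefix pattern such as '00*'
        return infotype.startswith(value[:-1])
    return _norm(value) == infotype


def audit(authorizations):
    """Return (name, INFTY value, exposed infotypes) for every INFTY entry
    that covers a sensitive infotype, whatever the AUTHC level is."""
    findings = []
    for auth in authorizations:
        for value in auth["INFTY"]:
            exposed = [it for it in SENSITIVE if infty_matches(value, it)]
            if exposed:
                findings.append((auth["name"], value, exposed))
    return findings


# Constructed sample: three variants of a contact-maintenance authorization.
SAMPLE_ROLE = [
    {"name": "Z_CONTACT_OK", "INFTY": ["0105"], "AUTHC": ["R", "W"]},
    {"name": "Z_CONTACT_WILD", "INFTY": ["*"], "AUTHC": ["*"]},
    {"name": "Z_CONTACT_RANGE", "INFTY": ["0002", "0006-0009", "0105"], "AUTHC": ["R"]},
]

if __name__ == "__main__":
    for name, value, exposed in audit(SAMPLE_ROLE):
        print(f"{name}: INFTY {value!r} also covers {', '.join(exposed)}")
```
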