10-23-2007 4:15 PM
hello security experts.
i have to assign pa30 to a user to maintain users' contact info in SAP, but this gives access to all the HR data i.e. pay, benefits and everything else. any idea how can i restrict this? your comments will be appreciated.
11-01-2007 7:17 AM
Hi,
When u assign the tcode PA30, an authorization object P_ORGIN will be generated. You can restrict the access of other HR data by restricting the infotype field. For example, the infotype for communication is 105. In conclusion, you could restrict the access of the HR data by maintaining the P_ORGIN object.
Hope this helps.
Regards,
Elaini
11-01-2007 5:43 PM
I suggest looking at some of the SAP help documentation on how HR can be secured (via auth objects and structural authorziations).
http://help.sap.com/erp2005_ehp_02/helpdata/en/5c/73ba3bd14a6a6ae10000000a114084/frameset.htm
Mainly, the infotype field is used to secure the type of data a user has access to. I suggest working with a business process owner to determine which HR roles can view/update the specific infotypes. i.e. 0008 and 0009 should be restricted to payroll only, plus there are some others like that.
11-05-2007 3:48 PM
Hi Novice,
Please go through the following link. It is an excellent material on how to secure HR Master data by using the different HR authorization objects.
Regards,
Kiran.
11-07-2007 10:12 AM
hi novice,
I assume that you need this access for users to maintain their own contact info? in that case, P_PERNR is the easiest way to realize this. if the users that are assigned Tcode PA30 need to maintain the contact info for different users, P_ORGIN is the way to go as the people before me have said already.
definitely have a good look at the documentation links above, for granting access to HR master data can potentially get you in alot of trouble .