Skip to Content
avatar image
Former Member

How to limit data access to SQ01 using P.Area and restrict user to run PY simulation by PY Area?

Hi Experts,

I'm just new to HR authorizations but still need work on this due to capacity issue.

Our project just went live and I need help on the following HR authorization issues.

1.) There is a requirement to provide administrators (PA admin, PY admin) an access to adhoc query. However, they should only be able to display the master data of employees limited to the Personnel Area they are administer.

We tried to set the value in P_ORGIN object but they are still able to view the data from other Personnel Area.

Are there any objects that we need to check and modify to meet the requirements?

2.) In some countries, there are payroll admins who are allowed to execute payroll simulation but should be limited to certain payroll areas.

Example: (in Country XX, there are payroll areas 01, 02, 03, 04, 05)

PY admin A - is only allowed to simulate the payroll of employees under payroll areas 01 to 03.

PY admin B - is only allowed to simulate the payroll of employees under payroll areas 04 to 05.

We have a P_PCR object maintained and the values are set to the relevant payroll areas, however, based on my research, it's only applicable to Payroll Control Record.

In P_ORGIN, there's no Payroll Area field that we can use, although there are some forums suggesting to use the VDSK1 (Org. key) field. However, there's a need to update the master data in Production system and client already performed payroll runs so there's a possibility that they will encounter an error regarding Org. Key changes on the succeeding payroll runs?. Are there any options apart from using the VDSK1 field from P_ORGIN to meet the requirement for payroll simulation restriction?



Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Sep 27, 2017 at 04:52 PM

    An easy and thorough way is to run transaction STAUTHTRACE and see which objects the SQ01 is using. I would ask your security administrator to do this. Good luck

    Add comment
    10|10000 characters needed characters exceeded