cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP HCM Infotype historical data restriction

Former Member

on ‎04-16-2018 1:05 PM

0 Kudos

Hi,

We have following requirement for historical Infotype data restriction.

Currently, HR admins have access to two different personal areas, A and B. But they are planning to segregate the SAP roles based on personal area and after the authorization segregation, the HR admins should have access to only that historical data (the old delimited Infotype records) for which Admins have access to. E.g. if employee moves from PA A to B in Jun 2018, and again from B to A in Aug 2018 and segregation is happening on May 2018, then after May, HR admin of PA A should only see the org assignment which happened in PA A and not the record when the employee was moved to PA B.

At the same time, the requirement is that, all the records before the segregation (i.e. May 2018), irrespective of the employee's PA at that time, should be visible to both HR admins (since they had access to both personal areas before segregation).

Please let me know if the above requirement can be fulfilled using standard SAP, maybe with the help of some BADI?

Show replies
Show replies
ChrisSolomon
Active Contributor
‎04-16-2018 1:12 PM
0 Kudos

Who came up with that crazy requirement?!?!? haha Sounds like someone creating work just to keep their job. Problem I see with this is that no one actually gets the FULL picture of the employee's history then....especially if they have moved around a bit....ie. "into pers area A then to B then maybe back to A". And then, ok....maybe if this was needed....then just do it across the board....but to throw in the exception of "all records except those before May 2018".....just sounds like someone playing a cruel joke.

Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

lucylan
Product and Topic Expert
Product and Topic Expert
‎04-18-2018 2:23 AM
0 Kudos

Hello,

Generally speaking, if you use authorization objects/roles to restrict access to employees,
then it is not time-dependent. In other words, if you use authorization objects/roles only to
fulfill your authorization restriction, even when one user was authorized only once,
s/he is considered to be authorized.

If it is expected to have time-dependent authorization settings, there are two options:
a. Structure Authorization should be used.
b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.


From your description I assume you are using authorization objects/roles only to fulfill your requirement
on authorization control, and also that you are having a constant segregation date, I support the
option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.

Best regards.
Lucy

Show replies
Show replies
lucylan
Product and Topic Expert
Product and Topic Expert
‎04-18-2018 2:23 AM
0 Kudos

Hello,

Generally speaking, if you use authorization objects/roles to restrict access to employees,
then it is not time-dependent. In other words, if you use authorization objects/roles only to
fulfill your authorization restriction, even when one user was authorized only once,
s/he is considered to be authorized.

If it is expected to have time-dependent authorization settings, there are two options:
a. Structure Authorization should be used.
b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.


From your description I assume you are using authorization objects/roles only to fulfill your requirement
on authorization control, and also that you are having a constant segregation date, I support the
option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.

Best regards.
Lucy

Show replies
Show replies
Ask a Question