Skip to Content
0

SAP HCM Infotype historical data restriction

Apr 16 at 12:05 PM

29

avatar image
Former Member

Hi,

We have following requirement for historical Infotype data restriction.

Currently, HR admins have access to two different personal areas, A and B. But they are planning to segregate the SAP roles based on personal area and after the authorization segregation, the HR admins should have access to only that historical data (the old delimited Infotype records) for which Admins have access to. E.g. if employee moves from PA A to B in Jun 2018, and again from B to A in Aug 2018 and segregation is happening on May 2018, then after May, HR admin of PA A should only see the org assignment which happened in PA A and not the record when the employee was moved to PA B.

At the same time, the requirement is that, all the records before the segregation (i.e. May 2018), irrespective of the employee's PA at that time, should be visible to both HR admins (since they had access to both personal areas before segregation).

Please let me know if the above requirement can be fulfilled using standard SAP, maybe with the help of some BADI?

10 |10000 characters needed characters left characters exceeded

Who came up with that crazy requirement?!?!? haha Sounds like someone creating work just to keep their job. Problem I see with this is that no one actually gets the FULL picture of the employee's history then....especially if they have moved around a bit....ie. "into pers area A then to B then maybe back to A". And then, ok....maybe if this was needed....then just do it across the board....but to throw in the exception of "all records except those before May 2018".....just sounds like someone playing a cruel joke.

0
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Lucy Lan
Apr 18 at 01:23 AM
0

Hello,

Generally speaking, if you use authorization objects/roles to restrict access to employees,
then it is not time-dependent. In other words, if you use authorization objects/roles only to
fulfill your authorization restriction, even when one user was authorized only once,
s/he is considered to be authorized.

If it is expected to have time-dependent authorization settings, there are two options:
a. Structure Authorization should be used.
b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.


From your description I assume you are using authorization objects/roles only to fulfill your requirement
on authorization control, and also that you are having a constant segregation date, I support the
option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.

Best regards.
Lucy

Share
10 |10000 characters needed characters left characters exceeded
Lucy Lan
Apr 18 at 01:23 AM
0

Hello,

Generally speaking, if you use authorization objects/roles to restrict access to employees,
then it is not time-dependent. In other words, if you use authorization objects/roles only to
fulfill your authorization restriction, even when one user was authorized only once,
s/he is considered to be authorized.

If it is expected to have time-dependent authorization settings, there are two options:
a. Structure Authorization should be used.
b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.


From your description I assume you are using authorization objects/roles only to fulfill your requirement
on authorization control, and also that you are having a constant segregation date, I support the
option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.

Best regards.
Lucy

Share
10 |10000 characters needed characters left characters exceeded