on 04-16-2018 1:05 PM
Hi,
We have following requirement for historical Infotype data restriction.
Currently, HR admins have access to two different personal areas, A and B. But they are planning to segregate the SAP roles based on personal area and after the authorization segregation, the HR admins should have access to only that historical data (the old delimited Infotype records) for which Admins have access to. E.g. if employee moves from PA A to B in Jun 2018, and again from B to A in Aug 2018 and segregation is happening on May 2018, then after May, HR admin of PA A should only see the org assignment which happened in PA A and not the record when the employee was moved to PA B.
At the same time, the requirement is that, all the records before the segregation (i.e. May 2018), irrespective of the employee's PA at that time, should be visible to both HR admins (since they had access to both personal areas before segregation).
Please let me know if the above requirement can be fulfilled using standard SAP, maybe with the help of some BADI?
Hello,
Generally speaking, if you use authorization objects/roles to restrict access to employees,
then it is not time-dependent. In other words, if you use authorization objects/roles only to
fulfill your authorization restriction, even when one user was authorized only once,
s/he is considered to be authorized.
If it is expected to have time-dependent authorization settings, there are two options:
a. Structure Authorization should be used.
b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.
From your description I assume you are using authorization objects/roles only to fulfill your requirement
on authorization control, and also that you are having a constant segregation date, I support the
option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.
Best regards.
Lucy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Generally speaking, if you use authorization objects/roles to restrict access to employees,
then it is not time-dependent. In other words, if you use authorization objects/roles only to
fulfill your authorization restriction, even when one user was authorized only once,
s/he is considered to be authorized.
If it is expected to have time-dependent authorization settings, there are two options:
a. Structure Authorization should be used.
b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.
From your description I assume you are using authorization objects/roles only to fulfill your requirement
on authorization control, and also that you are having a constant segregation date, I support the
option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.
Best regards.
Lucy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
107 | |
12 | |
11 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.