Skip to Content
avatar image
Former Member

SAP HCM Infotype historical data restriction

Hi,

We have following requirement for historical Infotype data restriction.

Currently, HR admins have access to two different personal areas, A and B. But they are planning to segregate the SAP roles based on personal area and after the authorization segregation, the HR admins should have access to only that historical data (the old delimited Infotype records) for which Admins have access to. E.g. if employee moves from PA A to B in Jun 2018, and again from B to A in Aug 2018 and segregation is happening on May 2018, then after May, HR admin of PA A should only see the org assignment which happened in PA A and not the record when the employee was moved to PA B.

At the same time, the requirement is that, all the records before the segregation (i.e. May 2018), irrespective of the employee's PA at that time, should be visible to both HR admins (since they had access to both personal areas before segregation).

Please let me know if the above requirement can be fulfilled using standard SAP, maybe with the help of some BADI?

Add comment
10|10000 characters needed characters exceeded

  • Who came up with that crazy requirement?!?!? haha Sounds like someone creating work just to keep their job. Problem I see with this is that no one actually gets the FULL picture of the employee's history then....especially if they have moved around a bit....ie. "into pers area A then to B then maybe back to A". And then, ok....maybe if this was needed....then just do it across the board....but to throw in the exception of "all records except those before May 2018".....just sounds like someone playing a cruel joke.

  • Get RSS Feed

2 Answers

  • Apr 18 at 01:23 AM

    Hello,

    Generally speaking, if you use authorization objects/roles to restrict access to employees,
    then it is not time-dependent. In other words, if you use authorization objects/roles only to
    fulfill your authorization restriction, even when one user was authorized only once,
    s/he is considered to be authorized.

    If it is expected to have time-dependent authorization settings, there are two options:
    a. Structure Authorization should be used.
    b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.


    From your description I assume you are using authorization objects/roles only to fulfill your requirement
    on authorization control, and also that you are having a constant segregation date, I support the
    option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.

    Best regards.
    Lucy

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 18 at 01:23 AM

    Hello,

    Generally speaking, if you use authorization objects/roles to restrict access to employees,
    then it is not time-dependent. In other words, if you use authorization objects/roles only to
    fulfill your authorization restriction, even when one user was authorized only once,
    s/he is considered to be authorized.

    If it is expected to have time-dependent authorization settings, there are two options:
    a. Structure Authorization should be used.
    b. BAdI HRPAD00AUTH_TIME should be used to control validity period of role/profile. But this is enhancement.


    From your description I assume you are using authorization objects/roles only to fulfill your requirement
    on authorization control, and also that you are having a constant segregation date, I support the
    option "b. BAdI HRPAD00AUTH_TIME" should be a easier way to meet your requirement.

    Best regards.
    Lucy

    Add comment
    10|10000 characters needed characters exceeded