Hello Security Gurus,
I am having an issue with managers having MSS role and TEM role with PA20/30. Since managers have to access data for their direct reports, Infotype 0008,0001 etc have been provided in MSS role. But having PA20/PA30 access with TEM roles ( which are mandatory for TEM roles) they can view data for anybody on the ECC system. But these users are not supposed to view other peoples data.
I know 2 solutions for this 1. Provide seperate IDs ( one each for TEM and for the rest of access)
2. Structural authorizations and Context authorizations
Does anyone know any other solution since Business decision is against both of these ?
Thanks in advance,