Hello security experts,
In our system, both P_ORGIN and P_ORGXX security checks are turned on. We want to restrict the access to personnel in the PA30 transaction by Personnel Area - unfortunately I am able to display personnel in more personnel areas than I have assigned in P_ORGIN. Can you tell me what I am doing wrong here?
Here are the current settings:
security object : authorization field - authorization value
P_ORGIN : AUTHC (Auth level) - D, M, R, W
P_ORGIN : INFTY (Infotype) - 0315
P_ORGIN : PERSA (Pers area) - 0083
P_ORGIN : PERSG (pers grp) - *
P_ORGIN : PERSK (emp sub grp) - *
P_ORGIN : SUBTY (subty) - *
P_ORGIN : VDSKI (org key) - *
P_ORGIN : AUTHC (Auth level) - E, M, R
P_ORGIN : INFTY (Infotype) - 0000-0001, 0007, 0328
P_ORGIN : PERSA (Pers area) - 0083
P_ORGIN : PERSG (pers grp) - *
P_ORGIN : PERSK (emp sub grp) - *
P_ORGIN : SUBTY (subty) - *
P_ORGIN : VDSKI (org key) - *
P_ORGXX : AUTHC (Auth level) - D, M, R, W
P_ORGXX : INFTY (Infotype) - 0315
P_ORGXX : SACHA (Pay admin) - ' '
P_ORGXX : SACHP (HR admin) - ' '
P_ORGXX : SACHZ (Time admin) - 996
P_ORGXX : SBMOD (Admin grp) - *
P_ORGXX : SUBTY (subtype) - *
P_ORGXX : AUTHC (Auth level) - E, M, R
P_ORGXX : INFTY (Infotype) - 0000-0001, 0007, 0328
P_ORGXX : SACHA (Pay admin) - ' '
P_ORGXX : SACHP (HR admin) - ' '
P_ORGXX : SACHZ (Time admin) - 996
P_ORGXX : SBMOD (Admin grp) - *
P_ORGXX : SUBTY (subtype) - *
Any insight is much appreciated