Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Ad Hoc Query & HR Structural Authorisations

Former Member
0 Kudos

Good day,

Can you kindly suggest solutions to the following?

Users with access to IT0008 can view basic pay across company codes. Iam using user groups for restriction per company code and PD Profiles for structural authorisations - there is also a restiction on personnel areas for the company code in the role in which IT8 is allocated...

Can you advise how i can restrict IT8 access for users across sites/company codes?

Thanks have a lovely day!

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Could you maybe explain a little more what the setup of your company is? The P_ORGIN authorization object would allow you to control infotype 0008 on a personnel area level and although my experience with HR authorizations is fairly limited I would imagine that a personnel area might be more or less the same as the company code.

Best regards,

Anders

4 REPLIES 4

Former Member
0 Kudos

Could you maybe explain a little more what the setup of your company is? The P_ORGIN authorization object would allow you to control infotype 0008 on a personnel area level and although my experience with HR authorizations is fairly limited I would imagine that a personnel area might be more or less the same as the company code.

Best regards,

Anders

0 Kudos

Hi Anders,

Thank you for the reply,

We are using HR structural authorisations with context solution P_ORGINCON, we have a HR Organisational based structure - where roles and PD profiles are linked to postions (PD Profiles are per company code as well nd linked to IT1017 on object S)... That is correct In our HR enterprise structure the personnel area is a breakdown of the section/s within a company code.

My roles have the personnel area restriction specified however when using Ad hoc query it is still allowing cross company access on it8. is there perhaps an object that is allowing this access we are not using object S_QUERY at this stage. could P_ABAP be allowing this access?

0 Kudos

Hi,

Most of the HR ad hoc queries works on P_ABAP, however a trace will show you exactly what object is checked. Also queries reads data directly from tables. if the user has read access on authorization group related to your query then he can list down the entire information.

Regards,

Gowrinadh

0 Kudos

Hello again, as Gowrinadh suggests you might want to trace the authorization checks on the problematic query. You can do this with ST01, where you set trace on, choose authorizations for a specific user, have the user run the report and then set trace off and analyze the results.

Best regards,

Anders