Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Field-level Security in HR infotype screens

thaer_mahmoud
Discoverer

‎10-31-2006 10:35 PM

0 Kudos

I have a Scenario where I want some users to see some fields (X, Y, and Z) on infotype 0002 but I also want other (different) users to see ONLY one field (let say X). SAP doesn’t support field-level security and I am not sure how to solve this issue? I thought about givin users authorization to read infotype 0002 and hide sensitive fields but the problem with this approch hidden fields will effect all users. I don't know what to do about some users who want to view this sensitive fields (manager for examples).

Thanks for your help

4 REPLIES 4

Former Member

‎11-01-2006 6:14 AM

0 Kudos

Yes, you are right SAP does not provide field level security. We had a simillar issue when we wanted to hide the SSN field in some screens. We cannot have a security solution here.

Former Member

‎11-01-2006 10:16 AM

0 Kudos

Hi,

have a look at IMG (transaction SPRO)

[Personnel Management][Personal Administration][Customizing User Interface][Change Screen Modifikations]

There you could use your own feature (and also own coding) to display different screens.

I have used this to disable some fields depending on the role of an user.

Hope this helps.

Regards

Bernd

Former Member
In response to Former Member

‎11-10-2006 2:04 PM

0 Kudos

hi , follow the link, it talks about custom developed auth objects which can solve ur problem.

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/d9c4230a-0a01-0010-31be-921...

OR try using transaction variant Tcode- SHD0

with this u can specify field statuses for individual screens.

especially considering u want restrictions that affect only to particular group

of users.

hope it helps.

morten_nielsen
Active Contributor

‎11-11-2006 8:25 AM

0 Kudos

Hi

Sorry, but I do not think that Context Solution, nor the screen modification will solve your Issue.

The Context solution deals with the integration of structural authorization in the standard authorization concept. But P_ORGINCON still only deals with access on infotype level, not field level.

Modifying the screen, can help to some extend (in PA20, PA30), but the users will still have access in e.g. search help, reports etc. Here you could of course limit the access to infotype 0002 in search help, by avoiding giving access to search help (No 'M' Access), unfortunately, by doing this, the users won't be able to search on employee name , Further more you should thoroughly test all granted report to make sure that they won’t contain access to the field you want to protect.

If this requirement is an absolute must, you need to modify the standard authorization checks. I have never tried this, but my guess is that you should/could look at can the include MPPAUTZZ.

Regards

Morten Nielsen