cancel
Showing results for 
Search instead for 
Did you mean: 

How to set Authorisation to view and maintain employee data.

senthil_kumar29
Participant
0 Kudos

Hi,

I have a requirement to restrict the user to view and maintain all employee data except some manager position for some company codes. How can I do this .

Cheers

Senthil

Accepted Solutions (0)

Answers (2)

Answers (2)

p190355
Active Contributor
0 Kudos

Hi,

(This is what we had done....)

Check the composite role : SAP_EMPLOYEE_ERP

Create a Z role for SAP_EMPLOYEE_ERP;

Will prompt you to copy the corresponding roles in it to z roles.

The z-composite role is then assigned to the user.

While creating an ESS user, to to restrict access to personnel master data, changes in the authorization P_ORGIN needs to be done.

In our case, check the z-role created ; zSAP_ESSUSER_ERP.

In Authorizations tab=>Display authorization data option => ;

Expand Human Resources;

In HR : Master data, you can find the various authorization assignments to P_ORIGIN;


Authorization level (AUTHC)
Infotype (INFTY)           
Personnel Area (PERSA)
Employee Group   (PERSG)
Employee Subgroup  (PERSK)
Subtype (SUBTY)
Organizational Key (VDSK1)

Authorization level (AUTHC) takes the values :

• R (Read) : for Read access

• M (Matchcode) : for Read access to Input helps (F4)

• W (Write) : for Write access

• S (Symmetric) : for Write access using the Symmetric Double Verification Principle

• * : always includes all other authorization levels simultaneously

• E and D (Enqueue and Dequeue) :

for Write access using the Asymmetrical Double Verification Principle. E allows the user to create and change locked data records and D allows the user to change lock indicators.

In your case probably you need to consider for :

Employee Group (PERSG) / Employee Subgroup (PERSK)

the Authorization level set to R for the defined infotypes.

This is again, Basis work....

Please Check the links to get more clue :

http://www.sapsecurityonline.com/hr_security/hr_security.htm

http://help.sap.com/erp2005_ehp_02/helpdata/en/70/b7b83b5b831f3be10000000a114084/frameset.htm

Hope this helps you!!

Cheers and Good Luck!!

Remi

Former Member
0 Kudos

Hi

For authorization, you have to create different profiles, for eg we can create a role

HR Administrator1 can see all the employee details

HR Administrator 2 can see all employee details except 0008, 0014, 0015 and 2010 etc

You have to specify very clearly each roles and the transaction codes attached to it. You can take the help of your basis consultant for giving general authorization.

We normally work on object P_ORGIN where we can restrict the authorization across personal area, infotype, employee group, employee subgroup, org key etc

Kindly let me know if you have further doubts on this.

Regards

Santhosh.S