cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UGR setup of hiding fields in PA30

Sankar_Aravind
Participant

on ‎2022 Dec 14 11:08 AM

0 Kudos
713

Hi Team,

There was some scenario I observed before in some project that (not sure how the full setup happened) for PA30 tcode as below.

we as admins cannot see some critical fields of other members (like for example, salary information or data of birth) though we have PA30 tcode because we are assigned with UGR parameter in SU01 and with some value.

Like the same way, we have a requirement that, users should not update some field on their own record for some info type and they should be able to see (at least or update) those for other employees in PA30.

May i know how this is possible and any steps for this?

Thank you,

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
BalasubramanianAP
Active Contributor
‎2022 Dec 15 3:32 PM

Hi, I am adding to Jurjen Heeck.

SAP HR is having a ocean of security features through "Structural Authorization". Using this concept & activating switches in Org. Management, you could be able to achieve your desired goal. Please check the blogs with the below link for some glimpses:

https://blogs.sap.com/2016/03/24/implementing-structural-authorizations-part-1/

Above blog is having multiple blog links which points to the ocean of "HCM" Security.

Show replies
Show replies
Sankar_Aravind
Participant
‎2022 Dec 15 7:10 PM
0 Kudos

Thank you Jurjen and Balaubramanian.

We already have checked and implemented P_PERNR restriction.

However, even our requirement also kind of running with mismatch authorizations.

One application need Write access for some infotype, but when it mix with some PA40 or some admin tcodes, the users are getting self-updating access for that infotype.

If restrict with P_PERNR, the actual application is failing.

So we want to continue Write, at the same time restrict user for self-updating for some info types. Thats where i remember the previous setup of different client, if we give user parameter UGR to me, I can not see some fields of infotypes of other users . but it will allow me to see all details of same infotype.

BalasubramanianAP
Active Contributor
‎2022 Dec 16 11:50 AM
0 Kudos

Hi, Please check this below link for a detailed usage of P_PERNR from sap help. Please check the fields AUTHC, PSIGN, INFTY, SUBTY with their valid values as per your security access requirements:

P_PERNR (HR: Master Data – Personnel Number Check)

You might have implemented some custom authorization object with user parameter value in SU3 (which you are remembering from your previous client). None of the standard documentation tells anything about user parameter (as Jurjen mentioned).

I guess using UGR, you can control actions/infotype screen controls/menus as per your user group settings. There is another parameter named 'MOL' also plays important role on this.

Ask a Question