cancel
Showing results for 
Search instead for 
Did you mean: 

UGR setup of hiding fields in PA30

Sankar_Aravind
Participant
0 Kudos
444

Hi Team,

There was some scenario I observed before in some project that (not sure how the full setup happened) for PA30 tcode as below.

we as admins cannot see some critical fields of other members (like for example, salary information or data of birth) though we have PA30 tcode because we are assigned with UGR parameter in SU01 and with some value.

Like the same way, we have a requirement that, users should not update some field on their own record for some info type and they should be able to see (at least or update) those for other employees in PA30.

May i know how this is possible and any steps for this?

Thank you,

Accepted Solutions (0)

Answers (2)

Answers (2)

BalaAP
Active Contributor

Hi, I am adding to Jurjen Heeck.

SAP HR is having a ocean of security features through "Structural Authorization". Using this concept & activating switches in Org. Management, you could be able to achieve your desired goal. Please check the blogs with the below link for some glimpses:

https://blogs.sap.com/2016/03/24/implementing-structural-authorizations-part-1/

Above blog is having multiple blog links which points to the ocean of "HCM" Security.

Sankar_Aravind
Participant
0 Kudos

Thank you Jurjen and Balaubramanian.

We already have checked and implemented P_PERNR restriction.

However, even our requirement also kind of running with mismatch authorizations.

One application need Write access for some infotype, but when it mix with some PA40 or some admin tcodes, the users are getting self-updating access for that infotype.

If restrict with P_PERNR, the actual application is failing.

So we want to continue Write, at the same time restrict user for self-updating for some info types. Thats where i remember the previous setup of different client, if we give user parameter UGR to me, I can not see some fields of infotypes of other users . but it will allow me to see all details of same infotype.

BalaAP
Active Contributor
0 Kudos

Hi, Please check this below link for a detailed usage of P_PERNR from sap help. Please check the fields AUTHC, PSIGN, INFTY, SUBTY with their valid values as per your security access requirements:

P_PERNR (HR: Master Data – Personnel Number Check)

You might have implemented some custom authorization object with user parameter value in SU3 (which you are remembering from your previous client). None of the standard documentation tells anything about user parameter (as Jurjen mentioned).

I guess using UGR, you can control actions/infotype screen controls/menus as per your user group settings. There is another parameter named 'MOL' also plays important role on this.

jurjen_heeck
Active Contributor

To differentiate in authorizations for your own personell record and that of others look into authorization object P_PERNR. Adjust roles according to your requirements. The user parameter UGR doesn't have anything to do with that, or at least it shouldn't, as user parameters are not a security feature.