cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HR Authorizations - Payroll area

Go to solution
Former Member

on ‎04-01-2010 1:02 PM

0 Kudos

Hello all,

WE have an issue with the our authorizations for our paymasters. We have paymaster A who is able to access her payroll area and also the payroll areas of the other paymaster.

Paymaster A is our hourly person and should never see anything with the payroll reports/programs for any salaried employees. We have set up structural authorizations which is working for everything except when the paymaster runs her payroll program, posting programs or any payroll related report and programs, she is able to execute the other payroll areas.

Does anyone have any idea how we can restrict her from running reports, programs for other payroll areas??

Thank you in advance.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

kmoore007
Active Contributor
‎04-06-2010 3:45 PM
0 Kudos

I agree to check the authorization object P_ABAP to see if the report authorizations are being by-passed. Additionally, check P_ORGINCON authorization object for employee group, if this is how you distinguish salaried vs. hourly.

Show replies
Show replies
Former Member
‎04-07-2010 6:21 PM
0 Kudos

Hello All,

I was able to fix my problem with the replies I received.

For this particular role, Paymaster Houly I used P_ORIGINCON and was able to enter the payroll area. All is working now and I want to thank you very much.

Answers (2)

Answers (2)

former_member17522
Active Contributor
‎04-06-2010 2:26 PM
0 Kudos

Hello Brenda,

The field 'payroll area' is not part of the authority check in HR.

In the standard a report checks via the logical data base PNP the

authority objects 'HR: master data' and 'HR: master data - extended

check' along with the authority object 'HR: reporting'. Therefore,

you have the following options:

- Via the authorization 'HR: master data' you can check the field

'Organisational key'. This field can be filled with the feature

VDSK1 and the tables T527, T527A and T5720 (please also have a look

at the documentation of feature VDSK1). In the organisational key

you could implement a check for the payroll area.

- Via the authorization 'HR: master data -extended check' you can

check the field 'Administrator Payroll'. With this authorization

you can restrict the authorization for RPCALC*. Please bare in mind

that you have to activate the authority check.

- Via the report RPUACG00 you can define yourself an authority object

including the field 'payroll area'. Please also have a look at the

report documentation.

Please also be aware that the authority object 'HR: Reporting'

cancels the above mentioned authorizations.

Regards,

Carlos.

Show replies
Show replies
Former Member
‎04-01-2010 1:45 PM
0 Kudos

Hi,

Check authorization object P_ABAP in security roles (transaction PFCG). In many cases it contains payroll programs/reports to improve performance. When this object contain certain report then this report doesn't check access rights.

Cheers

Show replies
Show replies
Ask a Question