on 04-01-2010 1:02 PM
Hello all,
We have an issue with our authorizations for our paymasters. We have paymaster A who is able to access her payroll area and also the payroll areas of the other paymaster.
Paymaster A is our hourly person and should never see anything with the payroll reports/programs for any salaried employees. We have set up structural authorizations, which are working for everything except when the paymaster runs her payroll program, posting programs or any payroll-related reports and programs: she is able to execute the other payroll areas.
Does anyone have any idea how we can restrict her from running reports and programs for other payroll areas?
Thank you in advance.
I agree to check the authorization object P_ABAP to see if the report authorizations are being bypassed. Additionally, check the P_ORGINCON authorization object for employee group, if this is how you distinguish salaried vs. hourly.
Hello Brenda,
The field 'payroll area' is not part of the authority check in HR.
In the standard a report checks via the logical data base PNP the
authority objects 'HR: master data' and 'HR: master data - extended
check' along with the authority object 'HR: reporting'. Therefore,
you have the following options:
- Via the authorization 'HR: master data' you can check the field
'Organisational key'. This field can be filled with the feature
VDSK1 and the tables T527, T527A and T5720 (please also have a look
at the documentation of feature VDSK1). In the organisational key
you could implement a check for the payroll area.
- Via the authorization 'HR: master data - extended check' you can
check the field 'Administrator Payroll'. With this authorization
you can restrict the authorization for RPCALC*. Please bear in mind
that you have to activate the authority check.
- Via the report RPUACG00 you can define yourself an authority object
including the field 'payroll area'. Please also have a look at the
report documentation.
Please also be aware that the authority object 'HR: Reporting'
cancels the above mentioned authorizations.
Regards,
Carlos.
Hi,
Check authorization object P_ABAP in security roles (transaction PFCG). In many cases it contains payroll programs/reports to improve performance. When this object contains a certain report, that report doesn't check access rights.
Cheers
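An added example, not part of any post in this thread: a small audit that scans exported role authorization values for P_ABAP entries that switch off the HR master data check for payroll driver reports (RPCALC*). It assumes a CSV export with the column layout of role table AGR_1251 and that COARS value 2 is the setting that skips the check; the role and authorization names are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; column layout assumed to follow role table AGR_1251.
SAMPLE = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
Z_PAYMASTER_HOURLY,P_ABAP,T-AB0001,REPID,RPCALC*,
Z_PAYMASTER_HOURLY,P_ABAP,T-AB0001,COARS,2,
Z_PAYMASTER_HOURLY,P_ABAP,T-AB0002,REPID,RPTIME00,
Z_PAYMASTER_HOURLY,P_ABAP,T-AB0002,COARS,1,
Z_PAYMASTER_HOURLY,P_ORGIN,T-AB0003,VDSK1,HRLY*,
Z_HR_DISPLAY,P_ABAP,T-AB0004,REPID,*,
Z_HR_DISPLAY,P_ABAP,T-AB0004,COARS,*,
"""

def skips_check(low, high):
    """COARS value or range that includes 2 (assumed: master data check skipped)."""
    return low in ("2", "*") or (bool(high) and low <= "2" <= high)

def covers(low, high, prefix):
    """True if a REPID value (single, wildcard or LOW-HIGH range) can match prefix*."""
    if high:  # interval: compare against the block of names starting with prefix
        return low.rstrip("*") <= prefix + "\uffff" and high.rstrip("*") >= prefix
    stem = low.split("*", 1)[0]
    if "*" in low:
        return stem.startswith(prefix) or prefix.startswith(stem)
    return low.startswith(prefix)

def find_bypasses(csv_text, prefix="RPCALC"):
    """Return (role, authorization, REPID value) triples that bypass the check."""
    # Field values belong together per authorization (AUTH) inside a role.
    groups = defaultdict(lambda: {"REPID": [], "COARS": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["OBJECT"] == "P_ABAP" and row["FIELD"] in ("REPID", "COARS"):
            value = ((row["LOW"] or "").strip(), (row["HIGH"] or "").strip())
            groups[(row["AGR_NAME"], row["AUTH"])][row["FIELD"]].append(value)
    findings = []
    for (role, auth), fields in groups.items():
        if any(skips_check(lo, hi) for lo, hi in fields["COARS"]):
            for lo, hi in fields["REPID"]:
                if covers(lo, hi, prefix):
                    findings.append((role, auth, lo + ("-" + hi if hi else "")))
    return sorted(findings)

if __name__ == "__main__":
    for role, auth, repid in find_bypasses(SAMPLE):
        print(f"{role} {auth}: P_ABAP REPID={repid} skips HR master data checks")
```

Roles it reports are the ones to review in PFCG before relying on the organisational key or a custom payroll area object to separate the paymasters.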