HR infotype authorization

former_member1291785 · ‎04-14-2010

Dear all,

I am created role for example "A" which is authorizes to only creation of infotype for example 0002 in role "A" master data

Authorization level w,R

Infotype 0002

Personnel Area *

Employee Group *

Employee Subgroup *

Subtype *

Organizational Key *

but i am unable to understand how to give only infotype change and delete authorization to role "B"

please guide me and also what is the simple definition of ( what function in authorization in simple way )

S (write locked record; unlock if the last person to change the record is not the current user),

E (write locked record),

D ( change lock indicator )

Regards

Rayyan

Former Member · ‎04-14-2010

you are talking of object P_ORGIN, I take it?

Go to tx. SU21 --> HR --> P_ORGIN --> Authorisation Level (doubleclick with mouse) --> 'Show object documentation'

The documentation is actually really good and plausible. It makes much more sense, you read it there instead of my trying to describe it here ...

Former Member · ‎04-14-2010

Shahid,

There is not a way to seperate the Create/Change/Delete functionality on HR Infotypes for objects like P_ORGIN. Unfortuntally these are the limiation of SAP HR Security only using the "W" authorizaiton. At my client we had to build processes around this and ensure correct HR Master Data group was centralized for responsibity and authorizations as well as turned on audit logging for reporting.

Thanks,

Matt

Former Member · ‎04-20-2010

Hi,

Review this function module with an ABAP Consultant or yourself.... (tx. se37)

- HR_READ_INFOTYPE_AUTHC_DISABLE

Hope it helps you...

--

Alexis Sánchez

SAP ABAP Development Consultant

Molen Services and Consulting, C.A.