cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HR Administrator unable to change own data

Go to solution
former_member110461
Active Contributor

on ‎09-18-2006 12:26 PM

0 Kudos

The HR administrator role has been setup with P_PERNR and value E to prevent them from maintaining their own data in PA30. However, they are also an ESS user, who need access to maintain certain infotypes for their personal data. P_PERNR in the ESS role has an I value, which is overridden by E value from the HR Administrator role, hence they are prevented from maintaining their own data within ESS.

Has anyone found a method around this which stops the HR administrators changing all of the infotypes of their own data in PA30, but allows them ESS changes?

Thanks

Paul

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-18-2006 2:57 PM
0 Kudos

Hi Paul

What I have seen is that we create 2 roles, HR Administrator and ESS Employee. Assign both the roles to the HR Administrator. They will be able to do both the things.

Regards

Lincoln

Show replies
Show replies
suresh_datti
Active Contributor
‎09-18-2006 4:21 PM
0 Kudos

You can also use the BAdI(HRPAD00AUTH_CHECK) to replace the SAP standard authorization check for HR master data and infotypes with a customer-specific check.

~Suresh

former_member110461
Active Contributor
‎09-18-2006 5:16 PM
0 Kudos

Thanks to both of you for the responses.

Unfortunately Lincoln, that is what we have currently done, but as per SAP's own documentation, the E in P_PERNR takes priority.

We were hoping not to go down the development route - but that BADI may be what we have to do.

Many Thanks

Paul

Former Member
‎09-18-2006 5:45 PM
0 Kudos

That may the case Paul. I am not an expert on Authorizations but thats what I had observed in one of my project. Will try to get more details regarding the way they configured that.

Regards

Lincoln

Answers (1)

Answers (1)

Former Member
‎09-18-2006 5:59 PM
0 Kudos

Hi,

We have solved the issue by using Double checking authorization Process for payroll critical infotypes, when we had challenged by the exactly same issue.

1. We have decided that ESS role for each employee of an organization.

2. ESS role would be the central place for P_PERNR authorization check.

3. We have given HR administrator <u><b>Authorization level M, R, E and S</b></u> based upon their area of responsibility

4. Then allowed <u><b>Interpretation of assignment</b></u> for HR administrator is I

What happened by doing this:

HR administrator was able to create their own record, but it was locked and not ready for any kind of processing.

Then we have a workflow, which goes to their boss and they check the entry and they unlock for further processing.

For rest of the infotypes which are not payroll sensitive, we have given <u><b>Authorization level W</b></u> with <u><b>Interpretation of assignment as I</b></u>.

Possible values if the field is used together with one of the four first objects (the values E, D and S may only be specified together with R):

o M (read with entry helps)

o R (read),

o S (write locked record; unlock if the last person to change the record is not the current user),

o E (write locked record),

o D (change lock indicator),

o W (write data records)

• * (all operations).

Hope this would be help.

Please let me know or call me at 253-382-2725 if you need any further help.

Thanks

Show replies
Show replies
Ask a Question