Currently, our non HCM user security includes P_ORGIN, AUTHC = W and InfoType 0002 to allow users to search on Last Name, First Name to assign PERNR's to sales orders, etc. These authorizations allow them to search on First Name/Last Name from IT0002, however when they select Personnel ID search type, the search results also bring back the SSN and Start Date (equal to birthdate) of IT0002.
What is best practice to handle this bleedthrough? We need to restrict the confidential info from IT0002, but still allow non HCM users to search on First Name, Last Name from IT0002.
Thank you for any suggestions!
PERNR uses collective search help PREM.
The Elementary search helps that displays SSN is PREMC ( Personnel ID).
Birthdate is dispayed by search helps PREMG, PREMJ, PREMN.
Depending on your requirement you can suppress the search help PREMC all together for HCM and non HCM users by marking it as hidden in the collective search help PREM
For PREMG, PREMJ and PREMN, there are 2 options: