cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Protecting confidential Data - Job field (STELL) infotype 0001, PA30

Former Member

on ‎10-20-2014 3:56 PM

0 Kudos

Hello SAP experts,


I have a problem with the Protecting confidential Data in HR module,Infotype 0001.

The main goal is to find out how to prevent SOME of the users from viewing the field Job (STELL) for certain employee,

because it is considered as a confidential data in our company.

          To be precise I want to exclude Job (STELL) field from viewing through the infotype 0001 (but not to exclude whole 0001 infotype).

And I want to prevent the most of the SAP users in my company to read the data from that field, anyhow... ad-hoc queries or any other way.

this is printscreen from pa30 transaction and the yellow is the data that I don't want to be accessible

Is there any possible solution for that?

I've tried to solve this problem by creating custom authorization object … P_NNNNN but that's not the solution I need because it protects whole infotype 0001, not only certain fields.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎10-22-2014 11:53 AM
0 Kudos

Hi Zoran,

I seen a project where PA30/PA20 Screens are only visible to guys having Valid Green Card .

Tech guy used to wait for his Green card holder might be a Functional to show the screen and work on any pending queries.

Weird it was !

Regards

Rohit.S

Show replies
Show replies
leelamohan_kavali
Active Contributor
‎10-21-2014 9:10 AM
0 Kudos

Dear,

As Sven said I'm not sure this can be done through authorization level because I've always gone with info type level restrictions not field level. And also Just open this issue with Basis & ABAPER if It's possible with ABPER & Basis ask them to fix this issue.

Ur's Mohan

Show replies
Show replies
Former Member
‎10-20-2014 8:58 PM
0 Kudos

Hi Zoran,

The simple and certainly unwelcome answer is: it is not possible. Authorisations in SAP HR do not go down to field level.

There are some thing that can be done in these situations, but none is straightforward and none is generic. You would need to analyse in detail why those, who should not see this field, need access to IT0001. And then pick one of these options:

1) leave authorisation to IT0001 open for them and hide the field STELL from those people in all screens/reports they may need it. In the easiest of worlds: if they only see it in IT0001 directly, you could use a BADI or screen modifications in T588M (plus custom coding in feature) to hide it.

I've also seen clients midifying ligical database PNP(CE).

2) take IT0001 away from them in authorisations and then give it back e.g. for harmless reports via P_ABAP. Or create a custom infotype copying IT0001 data excl STELL - that would work for display only. But if data from IT0001 is needed for standard transactions, this would fail.

So, I trust you see this could easily turn into a sizable project with loads if follow up cost in future.

Unless you can use version 2 in a sime scenario, because people, who mustn't see the job don't need much of IT0001.

So, maybe it's better to address the flawed design. Clearly, the way you use the job field in SAP does not reflect what's possible in the system.

Have you challenged, why the field should be kept secret from users, who otherwise have access to HR data?

Yes, it probably indicates salary bands etc. But first and foremost it says, what the employee does. People know this anyway. If someone is head of IT department it allows you to guess their salary to some extent, but you don't need this field to know.

So, plenty of approaches. It is extremely contextual to decide, what the right one is. If you only have programmers or so called tech or biz anslysts (who only understand their resoective half if the story) to help you, you may need on okd fashioned consultant to run a workshop and help you decide how to rectify the faulty design.

But hopefully you got an idea how to attack it already from my elaborations.

Good luck

Sven

Show replies
Show replies
Ask a Question