on 03-31-2015 8:22 PM
Hello HCM-Security Experts,
Is there a chance to have country-specific authorizations in HCM so you can only see data from your own country? E.g., if you are leading the Spanish HR, you are only allowed to see data (not only payroll but all data) from your Spanish team.
I guess it would be easy by using OM structure, but in my case OM structure has not been separated by country, so I'm afraid this is not the solution here.
Also, I have not seen any authorization object which can be used to separate by country in PFCG roles.
Any ideas?
Additional information: Country is basically stored in payroll area.
Please point me into the right direction.
Thanks a lot!
Thanks Christopher. Are you talking about an additional evaluation path? What about using an existing PFCG object like P_ORGINCON and using Organizational Key which has been enriched by payroll area beforehand?
Regards.
Hi Gerhard,
Different country groupings will necessarily be in different personnel areas and that's a field in P_ORGIN, so, easy to control.
Or are you
- looking at Orgdata - not just people data? The structural auth will be the standard solution
- looking for a dynamic role automatically assigning "my" country without requiring a role for each country? Then context sensitive auth is standard solution, though I would prefer to implement P_NNNNN and adding some coding to dynamically check the right country.
Both solutions require some experience in authorisations.
Yes. It is called "structural authorizations"...and is a world unto itself. Lots of things to think out if you implement it. You need some security expertise on this one.