on 02-16-2016 1:39 PM
Dear everyone,
due to sensitive data in HR/HCM context we would like to restrict access to HR-Tickets.
I imagine it would be easiest to go via categorization or component.
Up until now I have only found Information regarding approver Determination/approver authorization and Information on how to differentiate between different document types (SMIN/SMCR,...)
Has anyone of you ever implemented a solution like this:
categorization = "HR/HCM" --> only a certain user Group, the message processor and the Reporter can find, Access, Change the ticket.
Thank you for your Input!
Tabea
Hi Tabea,
i have done this in various degrees for some customers, but not yet based on categorization.
But i think that should not be a problem.
You can use BadI CRM_ORDER_AUTH_CHECK to implement the authorization check:
- Method CRM_ORDER_ADD_AUTH_CHECK for create/edit/display
- Method CRM_RFW_CALL_AUTHORITY for search result lists
Best Regards,
Christoph
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tabea,
In relation to the information provided by Christoph, Check the SAP Note 1981995 - Restricting Visibility of Messages Using An Assigned Configuration Element. This note has the code that needs to be used in the BADI Implementation.
Explore the option of adding the HR team members to a organizational unit and using the Authorization object SM_SDK_IBA with value USERS_ORG to restrict access.
If the restriction has to be based only on the categorization values then you may not be able to take the advantage of the standard Authorization object SM_SDK_IBA. As Christoph indicated you might have to handle the entire authority check in the BADI methods with your custom code. Let me know if you are looking for additional details on this.
Regards,
Kathir
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
94 | |
11 | |
11 | |
10 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.