if you want to use the personnel number check (authorization object:

P_PERNR) you have to activate it via transaction OOAC. In case

you want to achieve that one user can only maintain his own personnel

number we would recommend not to use P_ORGIN in the authorization

profile, but only P_PERNR. You can assign all infotypes that are

necessary for CATS via P_PERNR in the authorization profile. But

please activate 'P_PERNR' AND 'P_ORGIN' via transaction OOAC as

described in the attached note 362675.

Additionally, if you have IT0316 & IT328 defined, you might want to

consider just using IT0316.

IT0316 represents the authorization for data entry profiles and

depends on the profile setting. If a user has authorization for

IT0316 and for a specific profile authorization group (subtype of

infotype 0316) that has profiles not requiring approval assigned to it

the user can approve the data, even if he/she does not have

authorization for infotype 0328.

Please see the following example of how we have our user defined for

reference:

Object: P_PERNR (HR master data -personnel number check)

1) level: E, M, R

infotype: 0316

interpretation: I

subtype: *

2) level: *

infotype: 0005, 2001-2013

interpration: I

subtype: *

depending on CATS profile. I assume data entries in CATS

don´t have to be approved and directly create HR data.

Maybe you will have to adjust authorization levels.

3) level: M,R

infotype: 0000-0002, 0007, 0105, 0315, 2001-2003

interpretation: I

subtype: *

Object: Transactions: Cat2 and cat3

If approval of data in CATS is necessary, IT 0328 still has to be

checked.

This was tested in one of our systems and it worked: if no

authorization for time entry in cat2 for other personnel no. it did

not allow entries; they could only make entries for their own

personnel no. as in IT 0105 and T513A.