What is an HR System?
An HR System deals with company data, employee data and payroll data, much of which may be of a
sensitive nature.
Ex: After an employee joins the organization, some personal, company and payroll data is maintained
for every employee, and the HR system holds all of this data.
Note: Payroll is a very crucial factor in companies and an important part of the HR System.
HR Security: The HR security concept is used to restrict Confidential & Private data. HR security defines
two levels of security.
[Diagram: HR Security Level. Level 1: Public data. Level 2: Confidential & Private data, Structural Authorization.]
Level 1 HR Security
Level 1 security is possible through the Standard Authorization Concept - T-code & Authorization
Level 2 HR Security
Restriction based on Designation, Location or Department is not possible with the Standard
Authorization Concept.
Level 1 HR Security
The first level of security is achieved with the help of the Standard Authorization Concept and, in SAP HR,
the concept of the infotype.
Infotypes: An infotype (information type) represents information related to the company, an employee,
payroll, etc.; everything is represented in the form of an infotype. In general, infotypes are structures
that store related HR data.
An infotype is represented by 4 digits, 0000 to 9999.
For example, the address of an employee is stored in a unique infotype, 0006. Similarly, different
infotypes store personal data (0002), bank details (0009), basic salary (0008), etc. Some infotypes
are further sub-divided into subtypes, an example being the address infotype. An address entry can
belong to the subtype permanent residence, temporary residence, emergency address, mailing
address, etc. Infotypes are relevant from a security standpoint because SAP provides standard
authorization objects which allow us to secure infotype/subtype combinations for users.
9000 to 9999: Customer Specific (can store either PA or PP information depending on infotype
configuration).
Payroll Data :
P_PCLX : HR Clusters
T-Codes
PA20 : Display HR Master Data (Employee Data)
PA30 : Maintain HR Master data (Employee Data)
PO13 : Maintain Position (Company Data)
PO10 : Maintain ORG Unit (Company Data)
Note: As Security Consultants we do not create HR Master Records; HR Master Records are
created only by the HR Functional Consultant.
Indirect Role Assignment: In indirect role assignment we do not assign a role directly to the user; we
assign a position to the user. There are two types of indirect role assignment:
Position Based
Org Unit Based
[Diagram: indirect role assignment. Person No 100096 with User_Id Bell3 and a Role; an Organization containing a Sales Department, a Finance Department and an HR Department, each with Manager and Clerk positions.]
Structural Authorizations
Structural Authorizations, as the name suggests, are used to restrict access to a certain organizational
structure. As such they are only used while accessing HR data. In general, structural authorizations serve
two purposes:
Restrict access to certain OM objects like Org Units, Jobs, Tasks, Qualification Catalogs etc.
In interaction with the access to authorization objects for PA master data, they can restrict access
to a certain set of persons in the enterprise.
A person's total authorization is a result of the interaction between his general authorizations
(through roles) and his structural authorizations (through PD profiles).
Secondly, structural authorizations are always used to restrict access. You can never use
structural authorizations to grant access. They can only be used to restrict access to a smaller set of
objects or people than is already given through general authorizations.
While using structural authorizations to restrict access, we need to ensure that access to the
corresponding objects is also added to the user's roles through PLOG.
[Diagram: Role "Sales Manager" and "Sales PD Profile" for Person No 100096, Bell2 (User_id).]
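The interaction between general and structural authorizations described above, as an added example: a simplified Python model, not SAP code and not part of the original document. The org tree, the person numbers other than 100096, the contents of Bell2's role and PD profile, and all function names are assumptions made for illustration.

```python
# Simplified model of the two checks (added example, not SAP code).
# Org data, grants and helper names are constructed for illustration.

# Constructed org structure: parent object -> children
# (O = org unit, S = position, P = person)
ORG_TREE = {
    "O:Organization": ["O:Sales", "O:Finance", "O:HR"],
    "O:Sales": ["S:Sales Manager", "S:Sales Clerk"],
    "O:Finance": ["S:Finance Manager"],
    "S:Sales Manager": ["P:100096"],
    "S:Sales Clerk": ["P:100101"],
    "S:Finance Manager": ["P:100200"],
}

def objects_under(root):
    """All objects reachable from a PD profile's root object, root included."""
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(ORG_TREE.get(node, []))
    return seen

def general_allows(grants, infotype, subtype, level):
    """grants: (infotype, subtype, level) tuples from roles; '*' matches any value."""
    return any(
        g_it in ("*", infotype) and g_st in ("*", subtype) and g_lv in ("*", level)
        for g_it, g_st, g_lv in grants
    )

def can_access(user, person, infotype, subtype, level):
    """Access needs BOTH the general and the structural check to pass."""
    in_structure = any(person in objects_under(r) for r in user["pd_roots"])
    return general_allows(user["grants"], infotype, subtype, level) and in_structure

# Assumed role content for Bell2: read address (0006) and basic salary (0008);
# assumed PD profile: rooted at the Sales org unit.
BELL2 = {"grants": [("0006", "*", "R"), ("0008", "*", "R")], "pd_roots": ["O:Sales"]}
# Constructed user: PD profile over the whole organization but no role grants.
NO_ROLE = {"grants": [], "pd_roots": ["O:Organization"]}

if __name__ == "__main__":
    print(can_access(BELL2, "P:100101", "0006", "1", "R"))    # person inside Sales
    print(can_access(BELL2, "P:100200", "0006", "1", "R"))    # person in Finance
    print(can_access(BELL2, "P:100101", "0009", "", "R"))     # infotype not in role
    print(can_access(NO_ROLE, "P:100101", "0006", "1", "R"))  # structure without role
```

The last call is the case the text stresses: a PD profile covering the whole organization gives no access when the roles grant nothing.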
PD Profile T-codes
OOAC
OOSP
OOSB