Академический Документы
Профессиональный Документы
Культура Документы
TherearetwowaystosetupHRSecurityHRGeneralAuthorizationsandHRStructural
Authorizations.
HRStructuralAuthorizationsarepositionbasedandareusedtorestrictaccessto
organizationalobjectslikejobs,tasks,organizationalunits,person,positionetc.
HerewewillbediscussingaboutHRGeneralAuthorizationconcepts.
HRGeneralAuthorizationsarerolebased.RolesarecreatedusingPFCGtcodewith
necessaryauthorizationssothatuserscanperformtheirtasks.
Rolesaregeneratedtoprovidethenecessaryauthorizations.Wehavealreadydiscussedabout
roleandauthorizationconceptinourR/3Securityrelatedtopics.Pleaserefertothemformore
details.
Weknowthatauthorizationobjectsareoneofthemostimportantelementsasfarassap
authorizationconceptsareconcerned.Belowisalistofsomeofthemostimportant
authorizationobjectsusedinHRSecurity:
ImportantHRSecurityAuthorizationObjects
Sl Authorization
No. Object Description
1 P_APPL HR:Applicants
2 P_PCLX HR:Clusters
3 P_PCR HR:PayrollControlRecord
4 P_ABAP HR:Reporting
5 P_ORGIN HR:MasterData
6 P_PERNR HR:MasterDataPersonnelNumberCheck
7 P_ORGXX HR:MasterDataExtendedCheck
8 P_TCODE HRTransactionCode
9 PLOG PersonnelPlanning
10 P_NNNNN CustomerSpecificAuthorizationObject
11 P_ORGINCON HR:MasterDatawithContext
12 P_ORGXXCON HR:ExtendedCheckwithContext
13 P_NNNNNCON HRMasterData:CustomerSpecificAuthorization
ObjectwithContext
BeforewemoveaheadwiththeHRGeneralAuthorizationchecksandauthorizationobjects,lets
havealookatthevariousHRdatatypeswhichareimportantforunderstandingHRSecurity
concepts:
PersonnelAdministration(PA)DataThisdataisrelatedtothevariousfeaturesof
employeesandapplicantsofanorganization.Byapplicantswemeanthosewhoapply
forjobsviajobapplication(i.e.peoplewhointendtobeonthepayrollofanorganization).
BothemployeeandapplicantdataisstoredinPAinfotype.Wehavealreadydiscussed
abouttheinfotyperangeforPAinfotypesandOMinfotypesinourHRInfotypeSection.
AuthorizationobjectsP_ORGIN(CON),P_ORGXX(CON)andP_PERNRareusedto
restrictaccesstoPAdataforemployees.AuthorizationobjectP_APPLisusedtorestrict
accesstodataforapplicants.Wewillhaveadetaileddiscussionontheseauthorization
objectsincomingtopics.
PersonnelPlanning(PP)DataPersonnelPlanningisalsoreferredtoas
OrganizationalManagement(OM).Theinformationforthisdatatypeisrelated
Organizationaldatalikeposition,job,task,personetc.Thedataisstoredintablesofthe
formHRPXXXXwhere XXXX stands for infotypes. Similarly, the data for Personnel Administration
employees and applicants are stored in PAXXXX and PBXXXXtables respectively where XXXX
stands for infotypes. Authorization object PLOG is used to restrict access to PP data.
Time Evaluation and Payroll Results data These data are stored in cluster tables. Cluster
tables are of the form PCL1, PCL2 etc. Access to these data is restricted via authorization object
P_PCLX.
InourearliersectiononR/3SecuritywediscussedaboutthecheckindicatorvalueDo Not
Check in our discussion section related to SU24 concepts. Certain authorization objects apart from
BASIS and HR could be set to Do Not Check so as to skip the authority-check for these authorization
objects. Since SU24 could not be used for skipping check for HR objects, we have an option in HR
Security to selectively switch o check for certain HR Authorization objects. This can be done via tcode
OOAC. The authorization switch for HR Authorization objects can also be switched o via table T77S0
as shown in the gure below:
WewilldiscussmoreabouttheconceptofHRGeneralAuthorizationinthecomingtopics.
40
Rate this
Recommend 4 Share
Add a comment...
Search
HRSecurity
WhenwetalkaboutsecurityinSAPHumanResourceManagementSystem(SAPHR
Security),wetalkaboutsecuring...
ReadMore
Every e ort is made to ensure content integrity. Use information on this site at your own risk. Send your
feedbacks/suggestions to feedback@sapsecurityanalyst.com. The weblog sapsecurityanalyst.com is not a liated to
SAP AG or any of it's subsidiaries. Please refer to *General Disclaimer*