Menu

HR General Authorization Concept

Recommend 4 Share

TherearetwowaystosetupHRSecurityHRGeneralAuthorizationsandHRStructural
Authorizations.

HRStructuralAuthorizationsarepositionbasedandareusedtorestrictaccessto
organizationalobjectslikejobs,tasks,organizationalunits,person,positionetc.

HerewewillbediscussingaboutHRGeneralAuthorizationconcepts.

HRGeneralAuthorizationsarerolebased.RolesarecreatedusingPFCGtcodewith
necessaryauthorizationssothatuserscanperformtheirtasks.

Rolesaregeneratedtoprovidethenecessaryauthorizations.Wehavealreadydiscussedabout
roleandauthorizationconceptinourR/3Securityrelatedtopics.Pleaserefertothemformore
details.

Weknowthatauthorizationobjectsareoneofthemostimportantelementsasfarassap
authorizationconceptsareconcerned.Belowisalistofsomeofthemostimportant
authorizationobjectsusedinHRSecurity:

ImportantHRSecurityAuthorizationObjects
Sl Authorization
No. Object Description

1 P_APPL HR:Applicants

2 P_PCLX HR:Clusters

3 P_PCR HR:PayrollControlRecord

4 P_ABAP HR:Reporting

5 P_ORGIN HR:MasterData

6 P_PERNR HR:MasterDataPersonnelNumberCheck

7 P_ORGXX HR:MasterDataExtendedCheck

8 P_TCODE HRTransactionCode

9 PLOG PersonnelPlanning

10 P_NNNNN CustomerSpecificAuthorizationObject

11 P_ORGINCON HR:MasterDatawithContext

12 P_ORGXXCON HR:ExtendedCheckwithContext

13 P_NNNNNCON HRMasterData:CustomerSpecificAuthorization
ObjectwithContext

BeforewemoveaheadwiththeHRGeneralAuthorizationchecksandauthorizationobjects,lets
havealookatthevariousHRdatatypeswhichareimportantforunderstandingHRSecurity
concepts:

PersonnelAdministration(PA)DataThisdataisrelatedtothevariousfeaturesof
employeesandapplicantsofanorganization.Byapplicantswemeanthosewhoapply
forjobsviajobapplication(i.e.peoplewhointendtobeonthepayrollofanorganization).
 BothemployeeandapplicantdataisstoredinPAinfotype.Wehavealreadydiscussed
abouttheinfotyperangeforPAinfotypesandOMinfotypesinourHRInfotypeSection.
AuthorizationobjectsP_ORGIN(CON),P_ORGXX(CON)andP_PERNRareusedto
restrictaccesstoPAdataforemployees.AuthorizationobjectP_APPLisusedtorestrict
accesstodataforapplicants.Wewillhaveadetaileddiscussionontheseauthorization
objectsincomingtopics.

PersonnelPlanning(PP)DataPersonnelPlanningisalsoreferredtoas
OrganizationalManagement(OM).Theinformationforthisdatatypeisrelated
Organizationaldatalikeposition,job,task,personetc.Thedataisstoredintablesofthe
formHRPXXXXwhere XXXX stands for infotypes. Similarly, the data for Personnel Administration
employees and applicants are stored in PAXXXX and PBXXXXtables respectively where XXXX
stands for infotypes. Authorization object PLOG is used to restrict access to PP data.

Time Evaluation and Payroll Results data These data are stored in cluster tables. Cluster
tables are of the form PCL1, PCL2 etc. Access to these data is restricted via authorization object
P_PCLX.

InourearliersectiononR/3SecuritywediscussedaboutthecheckindicatorvalueDo Not
Check in our discussion section related to SU24 concepts. Certain authorization objects apart from
BASIS and HR could be set to Do Not Check so as to skip the authority-check for these authorization
objects. Since SU24 could not be used for skipping check for HR objects, we have an option in HR
Security to selectively switch o check for certain HR Authorization objects. This can be done via tcode
OOAC. The authorization switch for HR Authorization objects can also be switched o via table T77S0
as shown in the gure below:

WewilldiscussmoreabouttheconceptofHRGeneralAuthorizationinthecomingtopics.

Next HR Authorization Fields

40
Rate this
Recommend 4 Share

0 Comments Sort by Oldest

Add a comment...

Facebook Comments Plugin

Comments are closed.

Search

HRSecurity
 WhenwetalkaboutsecurityinSAPHumanResourceManagementSystem(SAPHR

Security),wetalkaboutsecuring...
ReadMore

Every e ort is made to ensure content integrity. Use information on this site at your own risk. Send your
feedbacks/suggestions to feedback@sapsecurityanalyst.com. The weblog sapsecurityanalyst.com is not a liated to
SAP AG or any of it's subsidiaries. Please refer to *General Disclaimer*