
Authorization Concept of HCM Processes and Forms

Use

Protection of personal data is an important aspect of IT-supported HR tasks. For this reason, authorizations in SAP Personnel Management can be defined down to the smallest detail to prevent unauthorized access to person-specific data. 

On the other hand, the aim of HCM Processes and Forms is to involve as many users as possible in the performance of routine HR tasks and thus to enable more efficient processing. For this purpose, a special authorization concept was developed for HCM Processes and Forms with which you can involve all employees in these processes without having to assign them all of the relevant HR authorizations. This enables shorter implementation times and reduces the risk of assigning employees incorrect authorizations.

The authorization concept of HCM Processes and Forms separates users’ authorizations to access specific forms, processes, and attachments from the users’ authorizations to access HR data in the infotypes of the backend system.

Features

     There are three methods available for checking authorizations. They are defined according to the authorization objects that are used in the authorization check:

     Use of the authorization object for HCM Processes and Forms: P_ASRCONT

     Use of the traditional HR authorization objects

     Combination of both methods

Note

For more information, see Methods for Checking Authorizations.

     You specify the required method for checking authorizations in Customizing for HCM Processes and Forms. This has the following advantages:

     If you want to use the traditional HR authorization objects, you only need to change the existing authorizations for employees, managers, and HR administrators if authorizations to read (manager, employee) or change (HR administrator) are included for additional infotypes.

     If you use the authorization object P_ASRCONT, you must include the authorization object in the profile but you do not need to adjust the previous authorizations.

     The authorization checks distinguish between the various activities the user can perform. You can assign a method for checking authorizations to each activity.

Example

Some examples of activities are:

      Launch Process / Form

      Read

      Approve Form

      Save Application Data

Note

You set up these authorizations using the traditional HR authorization objects.

      A – Approve Form

      P – Process Form

      X – Save Application Data

     You can assign the methods for checking authorizations to their activities on various levels in Customizing. You can thus greatly simplify the assignment of required authorization checks and benefit from even greater flexibility when protecting especially sensitive data.

     You can specify the method for checking authorizations that is used in the process for an activity (see above) that is to be performed.

     You can refine the specified data on the process level. You can group individual processes into process groups if necessary. You can then assign a method for checking authorizations to these process groups for each activity. This enables you to perform a simplified or a strict authorization check for individual processes.

     You can group form scenarios into form scenario groups. You can specify the activities for which users can be assigned authorizations for these groups in the authorization object P_ASRCONT.

     You can also specify the activities for which users can be assigned authorizations for attachment types in the authorization object P_ASRCONT.
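
The following is an added illustration, not SAP code and not part of the original documentation: a small Python model of the layered assignment described above, in which a method assigned to a process group refines the method assigned to the activity. It lists the activities of sensitive process groups that are checked without the traditional HR authorization objects. The table layout, the process and group names, and the sample settings are constructed assumptions; the real assignments are made in Customizing.

```python
from enum import Enum


class Method(Enum):
    """The three methods for checking authorizations named in the text."""
    ASRCONT = "P_ASRCONT only"
    HR = "traditional HR authorization objects"
    BOTH = "combination of both methods"


# Constructed sample settings (assumption): default method per activity.
ACTIVITY_DEFAULT = {
    "Launch Process / Form": Method.ASRCONT,
    "Read": Method.ASRCONT,
    "Approve Form": Method.BOTH,
    "Save Application Data": Method.HR,
}

# Constructed sample settings (assumption): process -> process group,
# and refinements per (process group, activity).
PROCESS_GROUP = {"ADDRESS_CHANGE": "SELF_SERVICE", "SALARY_CHANGE": "PAY_SENSITIVE"}
GROUP_OVERRIDE = {
    ("PAY_SENSITIVE", "Read"): Method.BOTH,
    ("SELF_SERVICE", "Approve Form"): Method.ASRCONT,
}


def effective_method(process, activity):
    """Resolve the method for one activity of one process.

    A process-group refinement wins over the activity default; a process
    without a group falls back to the activity default.
    """
    if activity not in ACTIVITY_DEFAULT:
        raise KeyError(f"no method assigned to activity {activity!r}")
    group = PROCESS_GROUP.get(process)
    return GROUP_OVERRIDE.get((group, activity), ACTIVITY_DEFAULT[activity])


def activities_without_hr_check(sensitive_groups):
    """List (process, activity) pairs in the given groups whose effective
    method does not involve the traditional HR authorization objects."""
    findings = []
    for process, group in sorted(PROCESS_GROUP.items()):
        if group not in sensitive_groups:
            continue
        for activity in ACTIVITY_DEFAULT:
            if effective_method(process, activity) is Method.ASRCONT:
                findings.append((process, activity))
    return findings
```

With these sample settings, reading salary-change forms uses the combined check because of the group refinement, while launching them still relies on P_ASRCONT alone and is the one entry reported for review.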

See also:

     The Implementation Guide (IMG) for Personnel Management under Personnel Administration -> Tools -> Authorization Management

     SAP Library under Human Resources -> HR Tools -> Authorizations for Human Resources.

     The documentation for the authorization object P_ASRCONT.

 

 
