Authorizations

Role Concept and Authorization Concept for Payroll

Payroll uses the authorization concept provided by SAP NetWeaver Application Server ABAP, which is based on the assignment of authorizations to users using roles.

The roles named as “standard roles” are available as templates. You can copy the standard roles into the customer-specific namespace and adjust them to suit your requirements. To maintain roles, you use the Profile Generator (transaction PFCG).

For more information, see the section Authorizations of the SAP ERP Central Component Security Guide.

Standard Roles

The following table shows examples of standard roles that are used by the Payroll component.

Standard Roles

Role

Description

SAP_HR_PY_xx_PAYROLL-ADM

Payroll administrator <xx>

SAP_HR_PY_xx_PAYROLL-MANAGER

Payroll manager <xx>

SAP_HR_PY_xx_PAYROLL-PROC-ADM

Payroll procedure administrator <xx>

SAP_HR_PY_xx_PAYROLL-SPEC

Payroll specialist <xx>

SAP_HR_PY_xx_*

Roles for mapping country-specific tasks within Payroll

SAP_HR_PY_PAYROLL-LOAN-ADM

Loan accounting administrator

xx stands for the country key. For the roles marked with an asterisk (*), additional roles exist for each of the countries.

Standard Authorization Objects

Payroll uses the authorization objects that are usually available for Human Resources. For more information, see Authorizations .

The following table shows the security-relevant authorization objects that are also used by Payroll .

Standard Authorization Objects

Authorization Objects

Name

Description

Additional Information

P_PBSPWE

Process Workbench Engine (PWE) authorization

Authorizations for the Process Workbench Engine(PWE)

P_PCLX

HR: Cluster

Check when accessing HR files on the PCLx (x = 1, 2, 3, 4) databases

SAP Library for SAP ERP under P_PCLX (HR: Cluster)

P_PCR

HR: Personnel control record

Authorization check for the personnel control record (transaction PA03)

SAP Library for SAP ERP under P_PCR (HR: Personnel Control Record)

P_PE01

HR: Authorization for personnel calculation schemes

Authorization check for personnel calculation schemes

SAP Library for SAP ERP under P_PE01 (HR: Authorization for Personnel Calculation Schemas)

P_PE02

HR: Authorization for personnel calculation rule

Authorization check for personnel calculation rules

SAP Library for SAP ERP under P_PE02 (HR: Authorization for Personnel Calculation Rule)

P_PYEVDOC

HR: Posting document

Protection of actions on payroll posting documents

SAP Library for SAP ERP under P_PYEVDOC (HR: Posting Document)

P_PYEVRUN

HR: Posting run

Control of actions that are possible for posting runs

SAP Library for SAP ERP under P_PYEVRUN (HR: Posting Run)

P_OCWBENCH

HR: Activities in the Off-Cycle Workbench

Used for the authorization check in the Off-Cycle Workbench.

SAP Library for SAP ERP under P_OCWBENCH (HR: Activities in the Off-Cycle Workbench)

S_TMS_ACT

Actions on TemSe objects

The authorization determines who may execute which operations on which TemSe objects

SAP Library for SAP ERP under S_TMS_ACT (TemSe: Actions on TemSe Objects)

For documentation about authorization objects, see SAP Library for SAP ERP and choose Start of the navigation path SAP ERP Central Component Next navigation step Human Resources Next navigation step HR Tools Next navigation step Authorizations for Human Resources Next navigation step Technical Aspects Next navigation step Authorization Objects End of the navigation path .

Authorizations for Posting Data to Accounting

The authorization check for posting data to Accounting is performed using report authorizations. This means that the different level of detail of the data comes from calling different reports and can be restricted using corresponding report authorizations.

When posting data to Accounting, the following authorization checks are made:

  • Report RPCIPA00

    • Authorization object S_Program, based on report RPCIPA00

    • Authorization object P_PYEVRUN, based on:

      • Run type PP

      • Run information (simulation, productive)

      • Activity (display)

  • Report RPCIPS00

    • Authorization object S_Program, based on report RPCIPS00

    • Authorization object P_PYEVDOC, based on:

      • Company code of document

      • Activity (display of contents of posting document)

  • Report RPCIPD00

    • Authorization object S_Program, based on report RPCIPD00

    • Authorization object P_PYEVDOC, based on:

      • Company code of document

      • Activity (display of detailed posting information with data related to personnel number)

For more information, see SAP Note 1235291.