Security for Additional Applications

Display of Documents Using Remote Function Call (RFC)

Posting Data to Accounting

Administrators for Accounting can use the transaction PCP0 ( Display posting runs ) to display posting documents for Human Resources by choosing Start of the navigation path Goto Next navigation step Document Overview Next navigation step Goto Next navigation step Accounting Documents End of the navigation path . The administrator requires a user for Human Resources that has the corresponding report authorizations for posting data to Accounting (see Authorizations ). You can also deactivate this option by removing the corresponding ALE function module.

Conversely, the authorization check for displaying documents from Accounting must be made from the HR system to Accounting.

External Wage Components

From the External Wage Components infotype (0579), users can display the original document for an external wage component. The document is displayed using the function module HR_PCIF_SHOW_RECEIPT, which calls an RFC-capable function module in the external system. This function module then has to perform its own checks.

The function module BAPI_WAGE_COMP_EXT_GET_LIST is used to display a list of data of the External Wage Components infotype (0579). This uses the function module HR_CHECK_AUTHORITY_INFTY for the authorization check.

For the detailed view, the function module BAPI_WAGECOMPEXT_GETDETAIL is used. This uses the function module HR_READ_INFOTYPE for the authorization check.

For more information, see SAP Note 318789.

Interface Toolbox and Outsourcing

The interface toolbox (transaction PU12) uses the cluster IF. It uses the following authorization objects:

  • P_PCLX

  • P_PCR

  • S_TMS_ACT

  • P_PBSPWE

Outsourcing uses ALE and local files with file access using transaction AL11. This is controlled using user exits in the interface toolbox.

In the standard system, Outsourcing uses the logical system FILEPORT. You can use the transaction WE21 to define customer-specific logical systems.

The XML conversion to IDOC is made using the function module OUT_IDOC_XML_TRANSFORM of the function group HROT and the function group IDOC_XML1 (RSIDOCWF). The function module GUI_DOWNLOAD (function group SFES) is also called for the conversion.

Communication with Authorities

For more information, see B2A: Communication with Authorities .

TemSe Files

The country versions for Payroll use reports in which sensitive data is displayed. For example, this data can be from the following sensitive areas:

  • Salary

  • Tax

  • Social insurance

  • Pension contributions

  • Court orders

This data is saved in temporary sequential (TemSe) files. The TemSe process is used for the following purposes:

  • To create and output statutory forms, statistics, and analyses

  • To download data for the front end server or application server directly, without storing the data as TemSe objects beforehand. The data can then be transferred from the front end server or application server to a data medium that can be transferred to the authorities.

  • For posting data to Accounting

    Caution Caution

    We recommend you no longer use the TemSe process for posting data to Accounting. If you run Accounting and Human Resources in separate systems, we recommend instead that you use Application Link Enabling (ALE). For more information, see SAP Notes 560301, 121614, and 125164.

    End of the caution.

You can control access to the TemSe objects within the SAP ERP system using the authorization object S_TMS_ACT ( TemSe: Actions on TemSe Objects) . Data encryption is not necessary here.

You can find information about the TemSe objects for your country version in the Payroll documentation for your country version.