Human Resources Authorization Check 
Definition
Fundamental part of the
General Authorization Check.The following authorization objects are available in the Human Resources component:
Use
The system checks the authorizations stored in user master data and determines whether a user is permitted to carry out an action or not each time you attempt to execute a business transaction or report.
Structure
The authorization objects in the Human Resources component contain (just like the general authorization objects) up to ten fields that are checked by the system during an authorization check.

The HR: master data object contains the following fields in the standard system:
INFTY: Infotype number
SUBTY: Subtype number
AUTHC: Authorization level
WERKS: Personnel area
PERSG: Employee group
PERSK: Employee subgroup
VDSK1: Organizational key
You can, therefore, assign authorizations for personnel data in HR infotypes at the infotype/subtype level according to the employee’s personnel area, employee group, employee subgroup and organizational key.
Authorization Level
Field (AUTHC)All authorization objects in Human Resources contain the field Authorization Level (AUTHC). You enter the employee’s authorization type in this field.
The authorization level can have the following values:

If a user has write authorization, he/she should also have the corresponding read authorization. In other words, if a user has authorization level

Double Verification Principle:
By using specifications
E and D , you can implement the "double verification principle". This means that at least two users must be involved in writing active records to the database.Infotype records, except for the records in Actions (0000), Organizational Assignment (0001), Personal Data (0002), Payroll Status (0003), Reference Personnel Number (0031) infotypes, can have a lock indicator. It is displayed when infotype data is edited. The system ignores all data records that have a lock indicator during an evaluation. Records with a lock indicator are described in this documentation as "locked", and those without a lock indicator as "active".
For the "double verification principle" to take effect, one of the users must have the specification
E in the Authorization level field and another user must have the specification D . Specification E permits the user to edit and create locked records, D permits the user to edit the lock indicator (delete or set), that is, a user with specification D can change active records into locked records or visa versa. Active data records can only be written to the database or changed if both users are involved in the processing procedure.
When creating authorizations, make sure that levels
E and D are always used in conjunction with level R. The authorizations are not in any specific hierarchical order (only * includes all authorization level values). This becomes clear in a variety of situations.When you start a personnel administration transaction, the system checks that you have at least a read authorization, i.e. value R or *.
You must have an
You must have an R authorization to display infotype data in reporting (the * authorization includes the
Interpretation of Assigned Personnel Number
Field (PSIGN)The authorization object HR: Master data - Check personnel number (P_PERNR) relates to the personnel number of an employee. This has an effect on the authorization. The authorization object HR: Master data - Check personnel number (P_PERNR) also includes the Interpretation of assigned personnel numbers (PSIGN) field. In this field you enter how the system should interpret the assignment user - personnel number.
The field has two possible specifications:

SAP does not support the specification