Start of Content Area

Background documentation Authorizations  Locate the document in its SAP Library structure

The Payroll component uses the authorization provided by the SAP Web Application Server. The security recommendations and guidelines for authorizations as set out in the SAP Web AS ABAP security guide therefore also apply to Payroll.

The SAP Web Application Server authorization concept is based on assigning authorizations to users based on roles. To maintain roles on the SAP Web AS ABAP, use the profile generator (transaction PFCG).

Standard Roles

The following table shows examples of standard roles that are used by the Payroll component.

Standard Roles

Role

Description

SAP_HR_PY_xx_PAYROLL-ADM

Payroll administrator <xx>

SAP_HR_PY_xx_PAYROLL-MANAGER

Payroll manager <xx>

SAP_HR_PY_xx_PAYROLL-PROC-ADM

Payroll procedure administrator <xx>

SAP_HR_PY_xx_PAYROLL-SPEC

Payroll specialist <xx>

SAP_HR_PY_xx_*

Roles for mapping country-specific tasks within payroll.

SAP_HR_PY_PAYROLL-LOAN-ADM

Loan accounting administrator

xx stands for the country key. For the roles marked with an asterisk (*), additional roles exist for each of the countries.

You can find additional roles in the description of Personnel Management standard roles.

Standard Authorization Objects

The following table displays the security-relevant authorization objects used by payroll.

Standard Authorization Objects

Authorization Objects

Description

Value

Description

P_PBSPWE

Process Workbench Engine (PWE) authorization

 

Authorizations for the Process Workbench Engine (PWE)

P_PCLX

HR: Cluster

 

Check when accessing HR files on the PCLx (x = 1, 2, 3, 4) databases

P_PCR

HR: Personnel control record

 

Authorization check for the personnel control record (transaction PA03)

P_PE01

HR: Authorization for personnel calculation schemes

 

Authorization check for personnel calculation schemes

P_PE02

HR: Authorization for personnel calculation rule

 

Authorization check for personnel calculation rules

P_PYEVDOC

HR: Posting document

 

Protection of actions on payroll posting documents

P_PYEVRUN

HR: Posting run

 

Control of actions that are possible for posting runs

P_OCWBENCH

HR: Activities in the Off-Cycle Workbench

 

Used for the authorization check in the Off-Cycle Workbench.

P_B2A

HR-B2A: B2A Manager

 

Used to determine the authorization check for the B2A Manager. The B2A Manager must first be employed.

P_USTR

Tax report authorization (only the USA country version)

 

Authorizations for the tax report (only the USA country version)

S_TMS_ACT

Actions to/on TemSe objects

 

The authorization determines who may execute which operations on which TemSe objects

 

 

End of Content Area