Data Storage Security

The infotypes in Personnel Management contain particularly sensitive data. This data is protected by central authorization objects.

Note

For more information about authorization objects, see Authorizations.

Examples of infotypes containing particularly sensitive data:

·        International infotypes for Personnel Administration (PA-PA)

◦        Personal Data (0002)

◦        Basic Pay (0008)

◦        Bank Details (0009)

◦        Family Member/Dependents (0021)

·        Personnel Development (PA-PD)

◦        Qualifications

◦        Appraisals

·        Personnel Cost Planning and Simulation (PA-CP)

◦        Planning of Personnel Costs (0666), contains salary-based information

·        Enterprise Compensation Management (PA-EC)

◦        LTI Grant (0761)

◦        LTI Exercise (0762)

·        Management of Global Employees (PA-GE)

◦        Compensation Package Offer (0706)

Other sensitive Personnel Management data

·        Budget Management

The Budget Management component accesses the salary data of employees and displays data from the Controlling (CO) and Funds Management (FI-FM) components. The standard authorization concept for Human Resources, Controlling, and Funds Management is used for these processes. The following authorization objects are also available to protect the data:

◦        P_ENCTYPE (HR: PBC - Financing): Determines which funds reservation types a user can access and which activities the user is allowed to perform.

◦        P_ENGINE (HR: Authorization for Automatic Commitment Creation): Determines which activities a user is allowed to perform when creating commitments.

·        Pension Fund (PA-PF)

Access to salary data, pensions and benefits entitlements is protected by the following authorization objects:

◦        P_ORIGIN (HR: Master Data)

◦        P_CH_CK (HR-CH: Pension Fund: Account Access)

◦        P_NL_PKEV (Authorization object for PF events)

·        SAP Expert Finder (CA-GTF-XF)

For the connection with the external LDAP system, the user should only have read access to the data. The role SAP_HR_PA_XF_SERVICE_USER_DOC (HR Expert Finder: Service User for Access Search Engine) is available for this.

·        Personnel Cost Planning (PA-CM-CP and PA-CP)

The old Personnel Cost Planning (PA-CM-CP) and the new Personnel Cost Planning and Simulation (PA-CP) components both save salary-relevant information to the clusters of the database PCL5. You can control access rights using the authorization object P_TCODE (HR: Transaction Code).

·        Employee Interaction Center (PA-EIC)

The EIC Authentication infotype (0816) enables question and response pairs to be saved that an agent of Employee Interaction Center then uses to identify a calling employee. You can only maintain the infotype with the Authentication for EIC Employee Self-Service.

·        HR Administrative Services (PA-AS)

The personnel file and all process instances are saved with intermediate statuses and history to the Case Management databases.

·        Particularly sensitive data in the country versions

◦        The transfer of salary and tax data using the B2A Manager is protected by the authorization object P_B2A (HR-B2A: B2A Manager).

◦        Country version USA (PA-PA-US)

The social security number (SSN) in the Personal Data infotype (0002)

◦        Country version Canada (PA-PA-CA)

The social insurance number (SIN) in the Personal Data infotype (0002)

◦        Country version Australia (PA-PA-AU)

The Tax File Number (TFN) in the TFN Australia infotype (0227)

◦        Country version New Zealand (PA-PA-NZ)

The Employee IRD Number in the IRD Nbr New Zealand infotype (0309). There are several ways to access this number:

▪         Directly, using the IRD Nbr New Zealand infotype (0309) with the transaction Maintain HR Master Data (PA30)

▪         Using the IRD Number pushbutton in the Tax New Zealand infotype (0313)

The necessary authorizations to read or change the IRD number depend on the authorizations in the user profile.
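The following is an added example, not part of the SAP documentation: a Python check that scans a role authorization export for P_ORIGIN authorizations covering the sensitive infotypes listed on this page. The CSV layout, role names and sample rows are constructed; INFTY and AUTHC are P_ORIGIN's infotype and authorization-level fields, which this page does not spell out, and the check ignores the object's other fields and all other authorization objects.

```python
import csv
from collections import defaultdict
from fnmatch import fnmatchcase

# Infotype numbers this page lists as holding particularly sensitive data.
SENSITIVE = {
    "0002": "Personal Data", "0008": "Basic Pay", "0009": "Bank Details",
    "0021": "Family Member/Dependents", "0227": "TFN Australia",
    "0309": "IRD Nbr New Zealand", "0666": "Planning of Personnel Costs",
    "0706": "Compensation Package Offer", "0761": "LTI Grant",
    "0762": "LTI Exercise", "0816": "EIC Authentication",
}

# Constructed sample export: one row per authorization field value.
SAMPLE = """role,object,auth,field,low,high
Z_HR_ADMIN,P_ORIGIN,A1,INFTY,*,
Z_HR_ADMIN,P_ORIGIN,A1,AUTHC,*,
Z_PAY_DISPLAY,P_ORIGIN,B1,INFTY,0008,0009
Z_PAY_DISPLAY,P_ORIGIN,B1,AUTHC,R,
Z_TIME_CLERK,P_ORIGIN,C1,INFTY,2001,2011
Z_TIME_CLERK,P_ORIGIN,C1,AUTHC,W,
"""

def covers(low, high, infty):
    # An INFTY value is a single number, a * pattern, or a low-high range.
    return low <= infty <= high if high else fnmatchcase(infty, low)

def audit(export_text):
    """Return sorted (role, infotype, level) findings for P_ORIGIN."""
    auths = defaultdict(lambda: {"INFTY": [], "AUTHC": set()})
    for row in csv.DictReader(export_text.splitlines()):
        if row["object"] != "P_ORIGIN" or not row["low"]:
            continue  # other objects and empty values are out of scope
        entry = auths[(row["role"], row["auth"])]
        if row["field"] == "INFTY":
            entry["INFTY"].append((row["low"], row["high"]))
        elif row["field"] == "AUTHC":
            entry["AUTHC"].add(row["low"])
    findings = set()
    for (role, _), entry in auths.items():
        # R and M only read; any other level, including *, permits changes.
        level = "read" if entry["AUTHC"] <= {"R", "M"} else "change"
        ranges = entry["INFTY"] if entry["AUTHC"] else []
        findings.update((role, i, level) for i in SENSITIVE
                        if any(covers(lo, hi, i) for lo, hi in ranges))
    return sorted(findings)

for role, infty, level in audit(SAMPLE):
    print(f"{role}: {level} access to infotype {infty} ({SENSITIVE[infty]})")
```

Roles that appear with level "change" on a wildcard INFTY value are the ones to review first.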

 
