Show TOC

 Example: Employee Self-Service

Requirement

Employees should be able to change their own address (infotype 0006) using SAP Employee Self-Service. What is more, each employee should be authorized to access all master data stored under his or her personnel number. Employees who are not HR administrators should not be able to access other employees’ data under any circumstances.

Realization

  • At least one of the authorization main switches (except for P_PERNR) must be active to be able to prevent users access to other personnel numbers. Assume for this example that the AUTSW ORGIN main switch is the only active main switch.

  • The AUTSW PERNR main switch must be activated for the authorization check by personnel number to take place.

  • The user assignment for all employees who use the SAP Employee Self-Service must be maintained in infotype 0105.

  • Users who are not administrators should not be granted P_ORGIN authorizations. This means that these users have no access authorization to HR master data for the time being.

  • Every employee who uses the SAP Employee Self-Service is granted the following two authorizations for the P_PERNR authorization object:

AUTHC = R, M

PSIGN = I

INFTY = *

SUBTY = *

and

AUTHC = *

PSIGN = I

INFTY = 0006

SUBTY = *