Protection of personal data is an important aspect of IT-supported HR tasks. For this reason, authorizations in SAP Personnel Management can be defined down to the smallest detail to prevent unauthorized access to person-specific data.
On the other hand, the aim of HCM Processes and Forms is to involve as many users as possible in the performance of routine HR tasks and thus to enable more efficient processing. For this purpose, a special authorization concept was developed for HCM Processes and Forms with which you can involve all employees in these processes without having to assign them all of the relevant HR authorizations. This enables shorter implementation times and reduces the risk of assigning employees incorrect authorizations.
The authorization concept of HCM Processes and Forms separates users’ authorizations to access specific forms, processes, and attachments from the users’ authorizations to access HR data in the infotypes of the backend system.
There are three methods available for checking authorizations. They are defined according to the authorization objects that are used in the authorization check:
Use of the authorization object for HCM Processes and Forms: P_ASRCONT
Use of the traditional HR authorization objects
Combination of both methods
You specify the required method for checking authorizations in Customizing for HCM Processes and Forms. This has the following advantages:
If you want to use the traditional HR authorization objects, you only need to change the existing authorizations for employees, managers, and HR administrators if authorizations to read (manager, employee) or change (HR administrator) are included for additional infotypes.
If you use the authorization object P_ASRCONT, you must include the authorization object in the profile but you do not need to adjust the previous authorizations.
The authorization checks distinguish between the various activities the user can perform. You can assign a method for checking authorizations to each activity.
Example
Some examples of activities are:
Launch Process / Form
Read
Approve Form
Save Application Data
Note
You set up these authorizations using the traditional HR authorization objects.
A – Approve Form
P – Process Form
X – Save Application Data
You can assign the methods for checking authorizations to their activities on various levels in Customizing. You can thus greatly simplify the assignment of required authorization checks and benefit from even greater flexibility when protecting especially sensitive data.
You can specify the method for checking authorizations that is used in the process for an activity (see above) that is to be performed.
You can refine the specified data on the process level. You can group individual processes into process groups if necessary. You can then assign a method for checking authorizations to these process groups for each activity. This enables you to perform a simplified or a strict authorization check for individual processes.
You can group form scenarios into form scenario groups. You can specify the activities for which users can be assigned authorizations for these groups in the authorization object P_ASRCONT.
You can also specify the activities for which users can be assigned authorizations for attachment types in the authorization object P_ASRCONT.
See also:
The Implementation Guide (IMG) for Personnel Management under Personnel Administration -> Tools -> Authorization Management
SAP Library under
The documentation for the authorization object P_ASRCONT.