Show TOC

 Authorization Concept of HCM Processes and Forms

Use

Protection of personal data is an important aspect of IT-supported HR tasks. For this reason, authorizations in SAP Personnel Management can be defined down to the smallest detail to prevent unauthorized access to person-specific data.

On the other hand, the aim of HCM Processes and Forms is to involve as many users as possible in the performance of routine HR tasks and thus to enable more efficient processing.For this purpose, a special authorization concept was developed for HCM Processes and Forms with which you can involve all employees in these processes without having to assign them all of the relevant HR authorizations. This enables shorter implementation times and reduces the risk of assigning employees incorrect authorizations.

The authorization concept of HCM Processes and Forms separates users’ authorizations to access specific forms, processes, and attachments from the users’ authorizations to access HR data in the infotypes of the backend system.

Features

  • There are three methods available for checking authorizations. They are defined according to the authorization objects that are used in the authorization check:

    • Use of the authorization object for HCM Processes and Forms : P_ASRCONT

    • Use of the traditional HR authorization objects

    • Combination of both methods

    Note Note

    For more information, see Methods for Checking Authorizations .

    End of the note.

  • You specify the required method for checking authorizations in Customizing for HCM Processes and Forms . This has the following advantages:

    • If you want to use the traditional HR authorization objects, you only need to change the existing authorizations for employees, managers, and HR administrators if authorizations to read (manager, employee) or change (HR administrator) are included for additional infotypes.

    • If you use the authorization object P_ASRCONT, you must include the authorization object in the profile but you do not need to adjust the previous authorizations.

  • The authorization checks distinguish between the various activities the user can perform. You can assign a method for checking authorizations to each activity.

    Example Example

    Some examples of activities are:

    • Launch Process / Form

    • Read

    • Approve Form

    • Save Application Data

    End of the example.

    Note Note

    You set up these authorizations using the traditional HR authorization objects.

    • A – Approve Form

    • P – Process Form

    • X – Save Application Data

    End of the note.

  • You can assign the methods for checking authorizations to their activities on various levels in Customizing. You can thus greatly simplify the assignment of required authorization checks and benefit from even greater flexibility when protecting especially sensitive data.

    • You can specify the method for checking authorizations that is used in the process for an activity (see above) that is to be performed.

    • You can refine the specified data on the process level. You can group individual processes into process groups if necessary. You can then assign a method for checking authorizations to these process groups for each activity. This enables you to perform a simplified or a strict authorization check for individual processes.

    • You can group form scenarios into form scenario groups. You can specify the activities for which users can be assigned authorizations for these groups in the authorization object P_ASRCONT.

    • You can also specify the activities for which users can be assigned authorizations for attachment types in the authorization object P_ASRCONT.

See also:

  • The Implementation Guide (IMG) for Personnel Management under Personnel Administration -> Tools -> Authorization Management

  • SAP Library under Start of the navigation path Human Resources Next navigation step HR Tools Next navigation step Authorizations for Human Resources End of the navigation path .

  • The documentation for the authorization object P_ASRCONT.