Question:
Hello SAP fans
Has any one used BADI to restrict user access in HR. Apparently, it
can be used in my situation where I want 50 users not to see
Each other pay data (Info type 0008). It does appear to me
Setting up the BADI to do the above is not the SAP security analyst
job because it does not involve any authorisation profiling work.
The HR configures/developers in my company do not want to
get involved because they are not sure how the BADI will,
Ultimately, affect the authorisation profile (job roles) in the whole
of the HR system. I can not answer the question because I simply
Have not done this before.
So I am looking forward to hear from any one who firstly,
implemented BADI successfully To restrict users as
explained above and secondly, what was its effect
on the overall impacted Users access.
Kind regards
Massoud
Answer:
Be careful in using the BADI in parts of HR as it will "turn off" the standard autorization checks . You can accomplish what you want with PD profiles, Personnel number check and standard Auth checks provided by SAP. ( look at the documentation for P_ORGIN, P_PERNR and PD profiles also know as structural authorizations.
Answer:
Hello again.
setting up the structural authorisations will take alot of efforts
from me and a number of people in my company. The question
I have got for you is how much confidence you truley
have that structural authorisation will work for the
problem I have got.
thanks
massoud
Answer:
Hi
We do not use structrual authorisations but access is linked to positions.
We control access to HR data via P_ORGIN, P_ORGXX and P_PERNR. We use the Personnel Admin codes and Time admin codes to retrict access for HR and Time Administrators.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
Just wanted to agree with John. It would be a good idea to use the HR objects and possibly PD Profiles to accomplish your goal. After all, that's exactly what they were created for.
PD Profiles would control the specific area and P_Orgin and P_Pernr would control the level of access around basic pay.
Having said that, I have not used the BADI's.