Question:
HI
I have role where in the user only have the following transaction and the rest are reports. I have given P_PERNR with R&I and the IT105. System still allowing the user to change the payroll status record for self. Is it the standard functionality or I am missing some thing?
PU03 - Change Payroll Status
PU01 - Delete current payroll result
Answer:
What infotypes does the user have in P_PERNR. To exclude the the user from updating his/her own payroll status, do not give infotype 0003 in PERNR with PSIGN =I.
Answer:
Hi Magil
Thanks for your response, I am working on ERP2005 system and I have seen the previous postings use I instead of E (for write) in ERP2005.Pl clarify
Answer:
for a check on P_PERNR to work be sure to leave the corresponding fields in P_ORGIN Empty!!!
Answer:
Hi Auke
Thanks for your response, but It is not clear what you say, you mean I shouldn’t maintain W IT0003 against P_ORGIN.
Answer:
There should be no problem having access to IT0003 in P_ORGIN, as long as you remember to maintain IT0003 in P_PERNR with interpretation E.
Answer:
what i mean is that in the object P_ORGIN the fields for employee group etc should not be filled with data, as in that case it will override the settings done in P_PERNR and allow access based upon the P_ORGIN settings.
BUT you need to fill in Infotype and authorisation level in P_ORGIN with the same values as in P_PERNR.
When you want to allow wider view access create a second P_ORGIN with al values filled in as desired.
Only when the employee group etc is left open the check will go to P_PERNR for further checks and only for infotype and authorisatio level enterd in the P_ORGIN Object
Answer:
To prevent a user from updating their own pay, bonuses and recurring payments, set P_PERNR to:
AUTHC = D,E,S,W
INFTY = 0008, 0014, 0015
PSIGN = E
SUBTY = *
_________________
To err is human - to really foul things up, you need security access.