Question:
I want to restrict a user to only be able to change a certain infotype but I've had to give them access to infotypes 1 & 2 as well so they are able to search for employee's name & number etc.
I've only given them read access to infotypes 1 & 2 so they can do the search but in PA30 I dont want them to actually be able to view any of the personal info held in those infotypes.
Can I make it so that they cant actually view any of the data against those infotypes yet change another and still serach for names?
Cheers Q
Answer:
Remove 'R' in the auth level for infotype 0001 and 0002 and give them only 'M' for those two infotypes. M is for match code not read data.
Answer:
Unfortunately John while that should work it doesn't. (not the original poster.)
I have found that I needed to implement a bAdi in structural authorizations to solve this problem.