Question:
Hi
I am currently working on a security issue we a have. The problem is that we have a user who is working in both HR and EHS, so needs a cross module combination of roles. We have created a custom auth object for P_ORGIN for the HR roles and have this working the way it should. Now when we combine the EHS role with the HR role the user is missing IT0002 for all subtypes. But we want this user restricted to Subtype 9 in the HR role but want the user to beable to see all subtypes in EHS transacions. Currently the user is only seing the users who are in subtype 9 in any of the EHS transactions. Is there a way around this? When we give the user access to IT0002 for all subtypes then the EHS transactions show all employees and in the HR transactions the user is also able to see all employees which should not happen. The user should only see empoyees who are in subtype 9 in PA20/PA30. Anyone have any ideas that I can try out?
Thanks in advance.
Answer:
S-A-P,
Have you looked at
OSS Note: 508254 EHS-IHS Authorization check for HR data
We're not using EHS, but this looks promising for limiting the HR auth check in EHS.
Good luck,
Vincent