Question:
All,
We would like to create customer specific reports that should be accessed through ESS and MSS. We are creating these in R/3.
I would like to know, if these are accessed through ESS and MSS, how the security work? At the moment, with the standard delivered reports in MSS as an example, a user is restricted to view only employees that report to him in the org structure, wether directly or indirectly. With a customer created report, will this security have to be put in place with a structural authorization or can this restriction be put in place via MSS?
The same questions relates to ESS customer reports.
Thanks!
Answer:
Why is a customer in you ESS system ( EMPLOYEE Self Service)? By virtue of being a customer they would not need to be in you ESS and your Customer ID's would not have the access to the tcodes.
MSS ( Manager Self Service) is also a specific set of tcodes for Managers. not customers.
If you are allowing the Customers in through the ITS, workplace or SAPs current name for the same thing.. . you have two controls. one, what the webpage allows and two the access of the user ID the cutomer logs in with. If they run custom reports you have to build in the security.
THe ESS and MSS equivalents willl not work unless you add the Customer to your HR system and then you get into a hoard of legal issues....
Answer:
John,
Thanks for the reply. I realised I have created some confusion with using the word 'customer' reports. Apologies for that. I am actually refering to bespoke reports that will only be run by internal ESS users within the organization. No external access. Each users will be assigned to the org structure and will be given an ESS role in SAP R/3. Each user should only to see output for his own personnel record. The same goes for line managers who should only see reports for employees reporting to them.
Can these bespoke reports be used in ESS and MSS without building in extra authorization within the R/3 roles?
Thanks!
Answer:
THe ESS reports are controlled att he webpage display and "hard coded in the SAP r/3 side to ensure only the ID requesting the report see's their data. If they have access to normal R/3 SAP would let you see more. It is the ESS tcodes that ensure only the user sees their data and no-one elses, not security.
MSS SAP tcodes use the standard HR structure, Standard profiles ( roles ) and PD profiles to limit to their reports or "linked" employees.
If you write your own code use the INFOTYPE_READ (sp?) Function module to read the data so standard SAP security comes into pla and then use IT 0105 ST 0001 to ensure the records match, ID to Personnel record. THe MSS should take care of itself.