SAP HCM Security - frequently asked questions
Our consultants have put together a comprehensive list of common enquiries and responses to SAP security issues to help with basic troubleshooting and simple problem solving. The FAQs also provide useful background data to IT administrators about to start an SAP initiative.
If you have a question which is not listed here, please use the Ask the Experts form to submit a question. Your inquiry will be addressed by one of our consultants as promptly as possible.
There are three key differences between standard SAP R/3 security and security in SAP HR:
- Infotypes - Master data in SAP HR is held in infotypes. Since master data is the key data element on which users need to be restricted infotype restrictions become extremely important in the context of SAP HR.
- Structural Authorisations - In SAP HR the population that a user can access can be restricted using either the enterprise structure (Personnel Areas, Employee Groups, Company Codes, etc) or the organisational structure. Structural authorisations allow restrictions to be configured on the organisational structure.
- Personnel Number Restrictions - In SAP HR a special authorisation object (P_PERNR) allows users to be restricted to accessing infotypes for their own data only. This facilitates functionality such as Employee Self Service (ESS.) The P_PERNR authorisation can also be used to prevent administrators from maintaining their own data whilst still allowing them access to others.
