SAP HCM Security - frequently asked questions
Our consultants have put together a comprehensive list of common enquiries and responses to SAP security issues to help with basic troubleshooting and simple problem solving. The FAQs also provide useful background data to IT administrators about to start an SAP initiative.
If you have a question which is not listed here, please use the Ask the Experts form to submit a question. Your inquiry will be addressed by one of our consultants as promptly as possible.
The P_PERNR authorisation object is delivered in SAP HR (HCM) to enable Employee Self Service. Using this object users you can configure authorisations to allow users to update their own data without giving them access to update other user's data.
The P_PERNR object defines four authorisation fields:
- AUTHC - Authorisation Level
- PSIGN - Interpretation of Assigned Authorisation
- INFTY - Infotype
- SUBTY - Subtype
To restrict a user to accessing their own data only use the PSIGN value 'I' and specify the infotypes and subtypes the user should be able access together with the access level they should be allowed.
The following example would allow a user to update his / her own (main) Bank details without being able to change the Bank details of other employees:
- AUTHC = W
- PSIGN = I
- INFTY = 0007
- SUBTY - 0
The exclude option (PSIGN = E) in the P_PERNR authorisation can also be used in a number of other scenarios to enforce segregation of duties within the HR department.
