HR Security - Securing IT0002

Question: Hi everyone,

I am looking to secure IT0002 in a way that would prevent non-HR users, who have access to the HR data for financial purposes, from viewing parts of the information in IT0002. Unfortunately I cannot just give them access to IT0002, as it contains some private information (such as SSN and DOB).

Is there a way to secure this infotype, without using customization, so that these users can get access to the information in IT0002 but not the SSN or DOB? Can we mask certain fields within the infotype and do this within a security role?

Thanks in advance for your help!

Answer:
I'm not sure if this is much help, but we use IT0002 only for name information. We keep DOB under Infotype 0041, we don't have SSN in NZ.

IT0002 has no subtypes so we decided that restriction was unlikely and that's why we stored more personal information under other infotypes.
_________________
Sandi
~~~~

Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real

Truly kiwi.

Answer:
You should be able to accommodate this through HR configuration in the screen modifications, using the feature to determine screen control. If you cannot make the determination based on the fields available in the feature, an ABAP program can be called from the feature to return the variable key which is used to determine the screen and attributes the user sees.

Answer:
Would the HR configuration in the screen modifications allow certain groups of users to view the SSN and DOB information and restrict the view of data for non-HR users that require access to the other data in IT0002? As I'm not sure how I would go about using the ABAP code to restrict viewing of the SSN and DOB data to only HR users, could you elaborate on that idea a little further? Thanks!

swright, thanks for the reply. Unfortunately, that would only solve one part of my problem, as they would still be able to see SSN (social security numbers) via IT0002.

Answer:
Hi

I suggest you use a transaction variant (SHD1) to keep the fields you want the users to see and hide the ones you do not want the users to see in IT0002.

Regards
massoud

Answer:
If you cannot determine which screen to assign to the user based on some personnel data of the user (subarea, subgroup, organization, etc.), you could create an authorization object and give it to the HR users; then the ABAP could check the user for this object to determine which screen control is assigned.

Answer:
Hi,

The way we have secured IT0002 for SSN and birthday (also begda) is that with transaction PA20 we have hidden these fields. Also, in P_ORGIN for accessing in display, no one has M (matchcode) for authorization level.

Of course, for people that have access to PA30 (Maintain), these fields are not hidden.
