HR security : user must not be able to change his/her data

Question: Hi Sap fans!

We have a SOX (SOD) issue here. The issue is that a secretary, who has the right to change the HR time data for all her department employees, must not be able to change her own data.

Someone has an idea about how that can be achieve using HR security?

Thanks!
Nancy

Answer:
take a look at the documentation on security object P_PERNR

Answer:
Hi thebean3!

Yes few months ago we've tried to use P_PERNR. We've created a special role in with the field PSIGN of P_PERNR had the value E instead of the actual I.

According to P_PERNR documentation that should have worked but it didn't. We end up with a test user that can no longer do anything with his/her own data but also with other employee's data. That test was performed few months ago and because it didn't gave us what we wanted we deleted all our tests roles and test users. I guess we should rebuild our test role and test user and perform our tests again. Maybe we forgot something the first time.

Thanks!
Nancy

Answer:
You can restrict user from posting his own Time by putting following values to P_PERNER

Auth : E M R W
Infotype: 316
Interpretation : E
Sub Type: *

Infotype 316 is a dummy infotype used to keying time.

Answer:
Have you looked at P_ORGIN?

P_PERNR is only used when you try to access your own personnel number, so it should have no impact when trying to access other persons data.

Answer:
Thank you all.

I guess we will have to perform our tests again. This time we will fine tuned the P_PERNR usage using the info you provided.

I'll keep you posted of the results we will obtain.