hr security

Question: hi all

i wanted to restrict user to see his own data . i used p_pernr . but it doest work . the switch is ok and the user is linked with the personnel number as well . just to test the object i wanted to restrict the user to see any kind of own data so i used values as * and the psign as E . any ideas ?

thanks
tp

Answer:
Then you have to set a personel area up for each user. P_PERNR is to include or exclude infotypes from the list of authorized records based on P_ORGIN. SAP uses a progressive check it first checks '*' and if pass includes all Intfotypes listed in P_PERNR, then it checks for 'E' which ones to EXCLUDE from the list of records that belong to the user and the it checks for "I" which records to INCLUDE in the list that belongs to the user. Once SAP gets a positive check the other P_PERNR values E or I are not checked. You must also hve IT 0105 populated.

Answer:
Hi john

i have a complex issue here . the manager should be able to see all the qualifications assigned to him from the qualification catalog except from one qualification group in the catalog which got the sensitive data . Thanks in advance .

-tp

Answer:
Itis not that complex, The Qualifications are Either their own Infotype or they are a subtype of an infotype. If you run a st01 trace on the tcode the view and select the specific qualification you want to prevent access and one you want to see ST01 will tell you th eIT and subtype with this you use P_PERNR with these value with 'E' and all the others with an 'I' do not include the IT or ST in the 'I or an '*' authorization