SAP HCM Berechtigungen

What is the importance of the SAP HCM authorizations?

A well-structured authorization concept is essential for a functioning SAP landscape and is the basis for working well with your SAP system. SAP HCM authorizations regulate which authorizations your individual employees receive and which functions they have access to in the system. Without an authorization system, your company may suffer considerable damage, both economically and legally.

Due to regular audits or in case of queries from your customers, it must be defined at all times who has access to which data and when. Protect yourself from data theft and also from unintentional incorrect data information with a clear authorization concept. Because each employee is only given access to functions that they actually need.

What are the authorization types in SAP HCM?

  • General authorizations

General authorizations, which are most commonly used, control access to PA/PD infotypes as well as clusters for the person himself or others. P_PERNR, P_ORGIN, P_ORGXX, PLOG and P_PLCX are general authorization objects.

The security of the general authorizations is only given if only the HR department is granted access to them. We recommend that you not use general authorizations to process ESS/MSS, as this greatly reduces clarity and significantly increases maintenance costs.

  • Structural authorizations

When using an organizational management system, we recommend structural authorizations. However, structural ones can only be used in conjunction with general authorizations, since it is only possible to see which people are allowed to see, but not what is allowed to be seen. To determine authorizations, so-called authorization profiles are created, on the basis of which the organizational structure tree is created. One advantage of structural authorizations is flexibility.

However, some employees need to be assigned multiple roles because they work in multiple teams that have different scopes of permissions. Context-dependent authorizations provide a remedy here.

  • Context-dependent authorizations

Context-dependent authorizations are a combination of general and structural authorizations. Therefore, the assignment of authorizations can be very finely granular and clearly separate functions. With context-dependent authorizations, authorization objects can be supplemented with authorization profiles. This means that only objects of a very specific authorization profile receive authorizations.

Do you need help deciding which of the three authorization types to use? Feel free to contact us. We will answer all your open questions and work with you to design a suitable authorization concept for SAP HCM. Thanks to our broad-based SAP specialist department, we can support you in SAP Basis during the implementation of the concept.

Erfahrungen & Bewertungen zu abilis GmbH IT-Services & Consulting