ESS/MSS tips: Best practices from Martin Gillet for managing authorizations for SAP ERP HCM self-services

by The Tip Doctor and Martin Gillet

September 6, 2013

Martin Gillet, SAP mentor, HR expert, and a long-standing speaker at SAPinsider’s HR conferences, presented at our HR 2013 conference in Amsterdam this year – and shared lots of his photos, of course!

In his session “A Detailed Guide for Leveraging SAP Functionality for Employee Self-Service (ESS) and Manager Self-Service (MSS)” Martin covered a range of topics – Portal vs. SAP NetWeaver Business Client, integration issues, the different impact of Java vs. ABAP technologies on self-services, and the changes in enhancement packages through EHP6. (Especially useful was the cheat sheet of relevant transaction codes, tables and SAP Notes!)

This tip from Martin’s ESS/MSS session at HR 2013 Europe focuses on authorizations – one aspect of securing sensitive HR data, and a pressing issue for our HR conference attendees. Be sure to watch for this topic at SAPinsider's HR 2014 US conference, 11-14 March in Orlando.  

 

Tips and best practices: Self-Services Authorizations

In addition to the “regular authorizations,” such as:

  • HR Master Data object – P_ORGIN
  • Access to Payroll and Time clusters object – P_PCLX

… self-services authorizations are also required:

  • Remote function call authorizations object S_RFC
  • Self-Services authorizations object S_SERVICE
  • Reporting authorization objects P_ABAP and S_PROGRAM

Tips for managing self-services authorizations:

  • Do not forget the auditing requirements
    • For security, authorization, or legal requirement purposes
  • Monitor master data changes and accesses
    • Review which value was changed and who changed it
    • Program RPUAUD00 for Personnel Administration and RHDOC_DISPLAY for Personnel Development
  • Track self-services starts
    • Track who, when, and which self-services are started
    • Enable IMG Self-Service activity
  • Log program starts
    • Log most sensitive program starts
    • Enable tracking of reports in the IMG activity
  • Review SAP user ID mapping vs. personnel numbers
    • List all linked personnel numbers. Review all useful information at a glance.
    • Use the transaction HRUSER
  • Use the Customer Event Linkage Table T779X to handle other customer or company requirements
