{"id":1706,"date":"2013-08-15T19:39:34","date_gmt":"2013-08-15T19:39:34","guid":{"rendered":"http:\/\/sapsecurityanalyst.com\/WP\/?page_id=1706"},"modified":"2015-05-03T07:24:52","modified_gmt":"2015-05-03T07:24:52","slug":"personnel-number-check-p_pernr","status":"publish","type":"page","link":"https:\/\/sapsecurityanalyst.com\/WP\/personnel-number-check-p_pernr\/","title":{"rendered":"Personnel Number Check (P_PERNR)"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p>P_PERNR controls the authorization of HR master data, hence the infotype range for this authorization object is 0000-0999. It gives users authorization to display\/maintain HR master data for their own personnel number.<\/p>\n<p>&nbsp;<\/p>\n<p>If the personnel number check is active and the user has been assigned a personnel number, P_PERNR authorizations override all other checks (including P_ORGIN) except Test Procedures.\u00a0This check does not take place if the user has not been assigned a personnel number, or if the user accesses a personnel number other than his or her own.<\/p>\n<p>&nbsp;<\/p>\n<p>P_PERNR authorization fields:<\/p>\n<table class=\"easy-table-creator tablesorter\" style=\"width: 100%;\">\n<tbody>\n<tr>\n<td>\u00a0AUTHC<\/td>\n<td>\u00a0Authorization Level<\/td>\n<\/tr>\n<tr>\n<td>\u00a0PSIGN<\/td>\n<td>\u00a0Interpretation of Assigned Authorization<\/td>\n<\/tr>\n<tr>\n<td>\u00a0INFTY<\/td>\n<td>\u00a0Infotype<\/td>\n<\/tr>\n<tr>\n<td>\u00a0SUBTY<\/td>\n<td>\u00a0Subtype<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"polyvision_credit_link\"><!--POLYVISION_CREDIT--><\/div>\n<p>&nbsp;<\/p>\n<div>The most important field for this check is <strong>PSIGN<\/strong> , which is used to <strong>I<\/strong>nclude \/ <strong>E<\/strong>xclude (<strong>I<\/strong> \/ <strong>E<\/strong>) own personnel number during authorization check.<\/div>\n<div><\/div>\n<div><\/div>\n<div>Let us take an example to understand how this authorization object works. Suppose a payroll administrator is responsible for the basic pay of employees of a given personnel area, say 1000.<\/div>\n<div><\/div>\n<div>The infotype for Basic Pay is 0008.<\/div>\n<div><\/div>\n<div>To perform his duty, the administrator should have following authorization:<\/div>\n<div><\/div>\n<div><\/div>\n<div><strong>P_ORGIN<\/strong>:<\/div>\n<div>INFTY : 0008<\/div>\n<div>SUBTY : *<\/div>\n<div>AUTHC : *<\/div>\n<div>PERSA : 1000<\/div>\n<div>PERSG : 1<\/div>\n<div>VDSK1 : *<\/div>\n<div><\/div>\n<div><\/div>\n<div><\/div>\n<div>From security point of view, the administrator should get authorization so that he is able to perform his responsibility (i.e. to administer the basic pay of employess). But he\u00a0should only be allowed to display his personnel data.\u00a0He\u00a0should not be allowed to change his own basic pay.<\/div>\n<div><\/div>\n<div><\/div>\n<div>It is here that the concept of P_PERNR authorization object comes into picture.<\/div>\n<div><\/div>\n<div><\/div>\n<div>He needs to be assigned the following authorizations also:<\/div>\n<div><\/div>\n<div><\/div>\n<div><strong>P_PERNR<\/strong>:<\/div>\n<div>AUTHC : R,M<\/div>\n<div>PSIGN : I<\/div>\n<div>INFTY : *<\/div>\n<div>SUBTY : *<\/div>\n<div><\/div>\n<div><\/div>\n<div>And,<\/div>\n<div><\/div>\n<div><\/div>\n<div><strong>P_PERNR<\/strong>:<\/div>\n<div>AUTHC : W,S,D,E<\/div>\n<div>PSIGN : E<\/div>\n<div>INFTY : 0008<\/div>\n<div>SUBTY : *<\/div>\n<div><\/div>\n<div><\/div>\n<div>From the first instance of P_PERNR, user gets authorization (PSIGN : I) to read his own infotypes. And from the second instance of P_PERNR, he loses (PSIGN : E) write access to his infotype 0008 i.e. basic pay.<\/div>\n<div><\/div>\n<div>Hence, we see that P_PERNR in a way acts as providing negative authorization where it overrides the authorization provided by P_ORGIN.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; P_PERNR controls the authorization of HR master data, hence the infotype range for this authorization object is 0000-0999. It gives users authorization to display\/maintain HR master data for their own personnel number. &nbsp; If the personnel number check is active and the user has&nbsp;<a class=\"read-more\" href=\"https:\/\/sapsecurityanalyst.com\/WP\/personnel-number-check-p_pernr\/\">&hellip;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/1706"}],"collection":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/comments?post=1706"}],"version-history":[{"count":8,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/1706\/revisions"}],"predecessor-version":[{"id":1714,"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/pages\/1706\/revisions\/1714"}],"wp:attachment":[{"href":"https:\/\/sapsecurityanalyst.com\/WP\/wp-json\/wp\/v2\/media?parent=1706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}