The SAP Fan Club Forums

[Jaynick]

Hi,

We have had a request to restrict salary related information in our TST environment. At this point we don't have a third party tool to scramble data in this system. Basis, Developers and the Security team therefore have broad access in this system and since TST is refreshed with PRD data anyone in these teams are able to view this info.

I have so far identified with assistance from our HR dept that the following should be restricted:
- IT 0008 - Basic Pay
- IT 9705 - Additional COE Remuneration Info
- Tables PA0008 & PA9705
- Txns SU01 - SU03 and PFCG (the above access can be re-assigned if the user has this access) Of course this can't be removed from the security team, monitoring should perhaps be put in place to mitigate this risk.

I am sure there are other ways in which this data can be accessed, can you help identify what I have missed?

Many thanks,
Jaynick

[thx4allthefish]

Jay, that'll never do! If you are paying your employees using the same system, everybody who has FI and CO transactions can check on payment data over in FI and CO!! You can see the data in cost centre reports, even down to a level where you can 'transcribe' it to UserID's.

Two sensible ways:

run your HR on a separate system (safest)
scramble data.

[Jaynick]

Thanks and agreed, I also read a post that mentioned a custom program using an algorithm to scramble the relevant HR tables then deleting the payroll results and posting documents. TDMS is planned for implementation but no set time line exists yet so this is an interim measure.
J