We recently installed SAP HR 4.6c and are having difficulty configuring the following security scenario:
Allow access to execute "Personnel Actions" (PA40) which creates or copies infotypes (updates). At the same time, restrict the ability to perform a change(pencil icon) or delete (garbage can Icon), while allowing the user to do create or copy of intotypes using Maintain Personnel Master (PA30).
The above applies to all infotypes.
SAP recommends the above restriction, but we have not yet figured out how to implement it.
Your suggestions would be greatly appreciated.
Yikes. You will have to restrict them with P_ORGIN, (which I'm sure you know) but you can only restrict their change and delete access per InfoType (which means multiple P_ORGIN authorizations in the same profile). I am not certain that is the desired result you are looking for. The other option would be to have some users that can hire folks into the company (PA40), and some users that can update infotypes after hire (probably not realistic.)