Because of the company’s sheer size and diversity of its lines of business, this Global Media and Entertainment Enterprise had a very large and decentralized Human Resources (HR) organization with strict rules surrounding segregation of tasks and organizational data. These rules included restrictions on HR employees from seeing HR information related to peers within the organization. Also, the company expected that all of its employees including HR employees would utilize the Employee Self-Service (200,000 ESS users) and Manager Self-Service (10,000 MSS users) functionality. Due to the sensitivity of the HR data and the implementation of MSS functionality, both standard HR security authorizations and organizational structure security were required. Current limitations of SAP HR security requires the assignment and checking of structural authorizations for all HR data once assigned to a user. Thus, any HR manager, who was assigned MSS functionality and therefore was assigned a structural authorization to be limited to only their subordinates, could not perform other key HR functions for individuals outside of their direct supervision, which included restricting their access to finance and operational employees.

The Hermosa Beach Consulting Group (HBCG) designed and assisted in implementing a simple Boolean logic and custom authorization check statements that augmented SAP delivered HR authorization logic. This logic was implemented using an existing SAP HR Business Add-In. The enhancement provided for the ability of HR management to be assigned both HR MSS functions including subordinate employee payroll adjustments, performance appraisals, position requisition, etc, while also allowing them the ability to perform other non-MSS HR functions such as Training, Qualifications, etc. across the organization. In addition, referencing existing HR Job configuration, HBCG provided the ability to restrict HR individuals from seeing other HR professionals’ salary information. This was implemented in a hierarchical fashion with individuals being able to see this sensitive data for HR individuals in lower management levels, but not HR individuals in their same management level or above.

The enterprise was able to keep HR decentralized, implement MSS and ESS within the HR organization without limiting HR Management’s ability to support individuals outside of their direct supervision, and restrict HR employees from seeing other HR employees’ salary information.