In the modern HR world, most organizations want their managers to handle their own position hierarchies, whether it is to create a new position in their hierarchy or to edit an existing position. Although the manager was authorized to create or edit a position, there may be some control required when it comes to certain fields in the position.
In this blog, I would like to talk about the control over position fields when a position is edited by the manager. Essentially, the manager would have access to all the fields when creating a new position however it is identical when he/she edits an existing position.
There are two options to control the manager to restrict access to certain fields. One is through a business rule and the other option is RBP.
It is assumed that the manager has given access to their own hierarchy positions alone. **Because the below rule was written with the above assumption, if it is not the case, then the condition should be adjusted accordingly**
In my example, the managers are not supposed to edit the company, business unit, division, and department fields in the position. Therefore, a business rule is created with the below conditions and it should be assigned to an ‘on change’ trigger of company, business unit, division, and department fields in the position object.
Note: The base object Original Values should be spelled exactly as in the screenshot above.
The above rule would work only for their own position hierarchy of a manager. Alright, let us test the above rule.
Logged in as a manager, editing a lower-level position, an error will pop out when there is a change in either of a company, business unit, division or department.
The second option is essentially an RBP permission roles. Two permission roles are needed to be configured separately for accessing the position object fields for managers. One RBP is to provision the create access with permission to all the fields and the other is to provision the edit access with restriction to a few of the fields.
The edit RBP permission role would restrict access to the company, business unit, division, and department whilst editing a position.
Logged in as a manager, creating a new position.
Logged in as a manager, and edit an existing hierarchy position.
The above two options are an efficient way of restricting access to position fields for managers. The robust solution to the HR world is option 2 where the manager would not realize after making changes to the field that they are not supposed to.
PS: Thanks to the SAP consultant who has helped in achieving option 1.