HR & Payroll & Security issues

Hi,
We're in the final phase of HR & Payroll implementation and would like to hear from sites that did it before us, OR that are doing it now:
- HOW did you secure confidential information, such as Address, SIN/SSN, Bank Accounts, Salary rates, ... ?
- WHERE/at what level:
a) OW security (row/column),
b) Database security
- ANY other related topic that might cover our issue
Thank you,
Adrian Chimirel

Adrian,

Wow, that a lot to cover. Here are a few ideas to look at.

1. In the address book. Secure search type E from users who don't need access to employee addresss and SSN. One thing to consider is AP may need access to the AB infor to produce expense reports. You could also use tab and column security to block particular fields.

2. Here we have a seperate company set up to house Salaried employees. We then limit access to this company using row security to a very small group of users, like the payroll manager, corporate controller, etc...

3. UTB access is limited, but row and column security should work here as well.

Hello Ken,

Thank you for the hints;
1. Good point, we did secure the "E", but we created anOTHER set of AB records for our people in AP, too. I know, I know, dual set, dual maintenance ... but one must always pay the price ...
2. Couldn't apply; home companies are many, here, approx 1500 employees, and there's a business need to Distribute / Allocate work to different BUs (I developed a brand new set of objects to do this, and I still have headaches in regards with the Override table - should we populate it automagically similar with the way I'm populating the F06116 Transactions, shouldn't we ...)
3. UTB was secured, at the "Open File" form level, but row/column security has to be applied directly to tables, am I right?

I'm waiting for some other inputs, and I'll publish the adopted solution, that's a promise!

Thank you again,
Adrian Chimirel
PS See Marty's reply on the Applications forum; it's very interesting, too.

Adrian,

At my actuall client they are using OneWorld security but that is not the most important thing. We are also using Database Security (SQL), since if you only use OneWorld security and you have developpers who know how to use Enterprise Manager (SQL) or Microsoft Access, then they are automaticaly able to access to confidential data. The key to this is that every OneWorld User have a separate "system user" to access SQL, then you don't mind if they have a system user ID and Password because data is also protected at the Database Level.

Be carefull using "only" OneWorld Security, they are some curious employe in every company. Plus the password for testdta and proddta is never a big secret.

Christian Audet

Adrian,

1. I think column or tab security might be something you want to look at for your AP people for AB records. This would eliminate the need for duplicate records.

2. You could also look at setting up a category code on business units and use row security on this CC to lock out groups of Home BU's for payroll information. Less maint than using BU row security.

3. I believe UTB should be secured using the external Calls security. And yes row/column security needs to be applied to tables, but you can use *ALL to secure certain fields in all tables.

4. Also, do not rely on removing menus options from user menus as security. You should secure all payroll aplications using apllication security to be certain unauthorized access is not gained. Are you using OW Explorer or Solution Explorer?