HCM SecurityInfotypes

Infotypes

Infotypes or Information Types always form an integral component of any discussion on SAP HCM. In general infotypes are structures to stores related HR data. For example, address of an employee is stored in an unique infotype 0006. Similarly we have different infotypes storing personal data (0002), bank details (0009) , basic salary (0008), etc. Some infotypes are further sub-divided into subtypes, an example being the address infotype. An address entry can belong to the subtype permanent residence, temporary residence, emergency address, mailing address, etc. Infotypes are relevant from a security standpoint as SAP provides standard authorization objects which allow us to secure infotype, subtype combinations for users.

The first thing to note from the above examples is that all of them are attributes of a person. You store address of a person, salary of a person, bank details of a person. Howver, infotypes can just as well store attrbutes of HR objects like positions, jobs, tasks, etc. Depending on whether an infotype stores attributes for a person or a HR object, we can divide them into infotypes required in Personnel Administration (PA) or Personnel Planning (PP) respectively. The PP infotypes are also referrred to as infotypes for Organizational Management (OM)or Personnel Development (PD). The distinction between PA and PP infotypes is important for security as the two basic types of infotypes are secured by means of different authorization objects.

Another point to note from the above examples is the fact that each infotype is associated with an unique 4 digit number. This unique identifier might vary from 0000 to 9999 and is broken into sub-ranges depending on the type of the information stored as shown below

  • 0000 – 0999 – Personnel Administration (PA)
  • 1000 – 1999 – Personnel Planning (PP)
  • 2000 – 2999 – Time Management (PA)
  • 4000 – 4999 – Recruitment (PA)
  • 9000 – 9999 – Customer Specific (Can store either PA or PP information depending on infotype configuration

This preliminary introduction to infotypes would help us in our later discussions when we investigate ways to secure individual infotypes.

12 thoughts on “Infotypes

  • Aninda

    Do you have a list of critical Infotypes/ subtypes that we should make sure are secured in any SAP Environment? Thanks in advance..

    Reply
    • Sorry, but I don’t have a list of critical infotypes which might be secured as any list will vary widely with country or even the industry that you work for. Security for HR data is all dictated by the privacy policies of an enterprise or the prevailing privacy related laws in the country. Its normally not dictated by the security team. I would suggest getting in touch with the Privacy Officer or the Chief Information Officer in your organisation for guidance on what needs to be protected. Give them a list of the infotypes in the system and ask what should be the protection level for each of them.

      Reply
  • Regarding infotypes…why is infotype 0105 subtype 0010 important and why is it that it needs to be maintained? Thanks in advance

    Reply
    • Not absolutely sure, but subtype 0010 is probably for email. Check transaction SPRO for infotype configuration. You can get names of all infotypes/subtypes defined in system.

      Reply
    • Shanker Balaji

      Dear Aaina,

      First I Really Would like to appreciate Aninda for his website…and helpful replies on our questions……………………

      The infotype Communication (0105) performs the following tasks:

      It stores the system user name that is necessary for using SAP-Business-Workflow and SAP-Office. The user name that was set up in the subtype for the active SAP system is used for both of these applications.
      It stores an employee’s communication data, for example, the fax number or the Internet address.

      Regarding subtype 0010 will be used for email as Aninda said

      Reply
  • Hi Aninda,
    Hope your doing great…
    I have small doubt… why there is a gap in the series on infotype.. like there is no infotypes from 3000 to 3999? any specific resion?

    Thanks,
    Rafeek

    Reply
    • Hi Rafeek,

      Good question but unfortunately I don’t have an answer for it 🙂 A HR consultant might be more helpful. From a security standpoint, I don’t think it makes a lot of difference. The key thing to remember is that the OM infotypes are maintained through PP01 and the rest through PA30. Correspondingly security for OM infotypes would differ from any of the other ranges.

      Regards,
      Aninda

      Reply
  • you had missed the infotype from 5000-5999 E-recruitment & E-learning

    Reply
    • Aninda

      Hi Bhaskar,

      I have not worked on E-recruitment yet so thanks for pointing out.

      Regards,
      Aninda

      Reply
  • Arunkumar

    HI Aninda,

    Iam working on a implementation project.When the HR person is trying to create PERNR records via PA40,it is giving an error message No authorisation to maintain actions z1 exists,is this anything to do with infotypes?.any idea how to resolve this,since su53 and trace do not catch any missing authorisations.

    Reply
    • Aninda

      To run any actions in PA40 you need write access to infotypes 0000 (Actions) and 0302 (Additional Actions). My guess is Z1 is the custom action type that you are using for hiring employees. You can use this as a subtype for IT 0000 if you have a requirement to secure actions at action type level. However, a trace should catch this error.

      Reply
  • Arunkumar

    thank you aninda,it was so kind of you.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *