Part 2: Protect Sensitive Personal Information in SAP HR

  • by Greg Robinette, Systems Engineer, Huntington Ingalls Industries–Newport News Shipbuilding
  • December 15, 2006
Modify search helps in your SAP system to help reduce the risk of inadvertent exposure of personal identifying information.
Key Concept

The search help function in HR executes searches in two primary ways: PREM searches and InfoSet searches. The searches execute as part of standard SAP functionality that aids in finding relevant data for any given field across a range of transactions and processes. SAP has always provided this functionality; the system determines the type of search method to use. Users activate search helps by selecting the drop-down icon or pressing the F4 key while their cursor is in a personnel number field (PERNR). All PERNR-related search helps could expose personal identifying information.

Many companies are moving away from unnecessary uses of Social Security numbers (SSNs) because such use might lead to a breach of employees’ personal security and privacy. Companies still using the SSN for purposes not related to its prescribed use in payroll, tax, and benefits may face costly legal bills and new liabilities.

Despite your best efforts to remove SSNs from view, searches using the personal ID (PERID) as a search help field can lead users to SSNs and other personal identifying information (PII). The search help function (F4) in SAP provides a tool to identify personnel records stored in the SAP HR system. I’ll examine two key search help components and show how to use them to reduce the exposure of PII data in your company.

The first component associated with the search help is the delivered search help PREM. PREM is the delivered collective search help for personnel numbers (PERNR). Your system uses it when you need to determine a personnel number. Table DD30X stores the search helps. This table uses predefined fields that the system identifies as commonly used criteria in personnel data searches.

Search helps also can use an SAP-defined or customer-designed InfoSet as a search tool. R/3 and mySAP ERP Central Component (ECC) 5.0 and 6.0 use InfoSets with the querying tools InfoSet Query (formerly Ad Hoc Query), SAP Query, and delivered SAP reports. HR InfoSets usually consist of master data infotypes in Personnel Administration (PA) and organizational infotype data in Organizational Management (OM) or Personnel Development (PD). The delivered tools and queries usually use one of the SAP-defined logical databases. The key HR logical databases are PNP and PCH. The SAP system determines the logical database for any delivered functionality, and companies determine the logical databases for their specific needs.

The search help functionality consists of queries of personnel data to determine a list of possible selections. Users see this list and select the record they wish to examine or process. The search help uses key data fields to provide criteria to search for personnel records. Some of these fields may allow access to PII data. My advice about search helps applies to all versions of R/3 and ECC. The InfoSet parts apply to R/3 4.6C and above because InfoSet functionality was not present before then.

Greg Robinette

Greg Robinette is currently a Level 5 Systems Engineer at Huntington Ingalls–Newport News Shipbuilding. His primary focus is on the SAP systems and supporting the delivery of HR, Payroll, and Environmental, Health, and Safety business value. He is an active member of the Newport News Shipbuilding Information Technology Change Agent Network and provides support as needed to the Systems Engineering Community. Previously, Greg was an independent SAP HR/HCM, SAP Security and Privacy Technology consultant with over 15 years’ experience in SAP HCM, SAP security, HRIS, and privacy consulting. He is certified as an information security manager (CISM) by ISACA, as a Project Management Professional (PMP) by the Project Management Institute, as a Scrum Master (CSM) by the SCRUM Alliance, and as an SAP HR/HCM consultant by SAP.
