How do I configure SAP HR Security to allow users to update their own SAP HR data?

The P_PERNR authorisation object is delivered in SAP HR (HCM) to enable Employee Self Service. Using this object users you can configure authorisations to allow users to update their own data without giving them access to update other user's data.

The P_PERNR object defines four authorisation fields:

AUTHC - Authorisation Level
PSIGN - Interpretation of Assigned Authorisation
INFTY - Infotype
SUBTY - Subtype

To restrict a user to accessing their own data only use the PSIGN value 'I' and specify the infotypes and subtypes the user should be able access together with the access level they should be allowed.

The following example would allow a user to update his / her own (main) Bank details without being able to change the Bank details of other employees:

INFTY = 0007

The exclude option (PSIGN = E) in the P_PERNR authorisation can also be used in a number of other scenarios to enforce segregation of duties within the HR department.