Hi Reshma
If you are only restricting based on Personnel Area then all you need to do is maintain either authorisation object P_ORGIN or P_ORGINCON depending on your implementation. P_PERNR should only be used where exceptions are required. For example in the ESS role where you want to restrict employees to their own data you only need to maintain P_PERNR PSIGN = I and deactivate P_ORGIN/P_ORGINCON objects, I still tend to keep these objects for infotypes 0000, 0001 and 0002 and not include them in P_PERNR as follows:
P_ORGIN/P_ORGINCON
AUTHC: M, R
INFTY: 0000, 0001, 0002
PERSA: 4000
P_PERNR
AUTHC: M, R, W
INFTY: 0006, 0009, 0021, 0106
P_SIGN: I
P_PERNR
AUTHC: R
INFTY: 0008, 0014, 0015, 0106
P_SIGN: I
If access is for a Payroll Officer where you want to restrict based on Personnel Area and prevent them from maintain their own basic pay then the following rule applies:
P_ORGIN/P_ORGINCON
AUTHC: M, R, W
INFTY: 0000, 0001, 0002, 0003, 0007, 0008, 0009, 0014, 0015...........
PERSA: 4000
P_PERNR
AUTHC: W
INFTY: 0008, 0014, 0015
PSIGN: E
This method prevents conflict with ESS as it prevents the user from maintaining their own data but still able them to view everyone including their own records.
Cheers
Bill