Question:
Hello - we are implementing a new instance of SAP and Portal and I am not sure of all the steps that need to be completed so any guidance / tips would be greatly appreciated.
Background:
We are implementing SAP HR, ESS and MSS with the latest versions of ECC and Portal (EP6 or EP7). This will be a separate instance of SAP, interfaced if necessary to the planned future instance of FI/CO and other modules.
Company currently has an LDAP - but not used extensively. Not all employees currently in LDAP as not all have network ids. All employees will have a SAP account to enable ESS (via Kiosks etc).
iViews in Portal will call SAP HR and possibly SAP BW.
Scenario:
My initial thoughts are that we try to use SAP HR as the leading system to drive the ESS Portal users and access, in the following way.
1) Create User Master Record in SAP (SU01)
2) Hire employee into the org structure (via HR processes)
3) Populate Infotype 0105 with SAP username
4) Populate Infortype 1016 - with SAP role to be assigned to allow ESS access (not sure about this aspect) or role could be assigned in 1) above
I am not sure of the next steps - I think there must be a way in a SAP table to map the ESS SAP role to the ESS Portal Role (is this via WP3R?)
then I am hoping that a standard job can be run (is this RSLDAPSYNC_USER) that will create the user in the Portal (UME?) and assign the correct Portal role ?
For MSS and HR Power users - we would continue to assign SAP roles via SU01.
Can anyone assist with how this should / could work? and what steps need to happen in SAP and Portal to enable it ?
Thanks in advance
Answer:
Following things can be done in the portal.
1. Portal should be authenticating against the ABAP system. Then you would not need to explicitly create IDs in the portal
2. In the Portal, you can map the Portal Role to the corresponding ABAP role. That way, when you assign the ABAP role, the user will have the required Portal role too.
Answer:
Thanks very much for the tips
When you say in 1. "Portal should be authenticating against the ABAP system"
- how is this done?
- Do you still use the UME in the Portal?
- And if authenticating against the ABAP system does this mean all user admin (password resets etc) happen in the ABAP system as well?
In 2. "you can map the Portal Role to the corresponding ABAP role" - how / where is this done in the Portal?
Thanks in advance
Answer:
The company I am workign at doesn't have an LDAP in place.
At this company we are implementing an HR only instance for 30,000 employees. All employees need to access ESS and a bunch of will have MSS - via the Portal. The rest of the users - around 200 will access SAP via the GUI. What I am trying to work out is how we get access to 30,000 ESS users.
My thinking is that as these users will have already have a personnel record and a corresponding User account in SAP - we should use this as the leading system to update the Portal.... however I am unsure how this will work. From your experience can you offer any ideas?