Question:
Hi All,
Can anyone tell me what is role based security?And also whether it is a good idea to have a role based security or Position based security
Answer:
Check out this link for some good info on role based security
http://en.wikipedia.org/wiki/RBAC
The most important part is: "Within an organization, roles are created for various job functions. The permission to perform certain operations ('permissions') are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions".
This can be applied to any system. In SAP we build a collection of functions, transactions and authorisations into a container which contains the access that a particular business job requires in the system. Whoever does the job gets this access.
Position based access is the same principle, however the roles (representing jobs) are assigned to positions in the organisational structure. Individuals assigned to the position pick up the relevant access. With position based security you can also implement structural HR auths if you wish.
The choice of how you do it is dependent on a load of factors. If you have a stable organisation and a defined company structure, it can be straightforward to create an org structure and use position based security. One downside is that this can be more complex than just assigning roles to users via their UMR.
Use the search on this forum for position based security to see a few in depth posts on the pro's and cons