Question:
All,
I am a security administrator on a new implementation using Solution Manager. We have listed transactions in the transaction tab of Solution Manager. We would now like to use SM to develop the roles, as was previously done in the old BPML. However, the end user role tab uses the HR Org structure rather than roles and associates transactions to roles on a 1 to 1 basis. Does anyone have any experience on developing an authorization concept using SM? I have the following questions:
1. Is it better to use a Role based concept and list the transactions multiple times under the same business process when it is used by multiple roles or is it better to use task based roles in which a transaction is only listed in one single role?
2. When developing roles is it possible to associate the transaction to a job or user that will only be used for unit or integration testing? Will this prevent us from using the functionality of the training deployment in SM? Will this prevent us from implementing the HR Org structure later?
Answer:
Role based is best, provided you define a role as "all the access a user needs to perform their job". Corollary: a user may have one or more jobs.
Your business processes are re-engineered and standardized so an invoice processor is the same everywhere in the organization so the number of redundant tcodes is limited.
Roles can be associated with jobs, positions, and/or org structures and are specified by date range. Most companies associate roles to positions.
Answer:
So then in Solution Manager, a transaction would need to be listed multiple times within a process in order to be associated with the positions/roles that need it. Is that correct?
In Solution Manager the options to associate the end user do not include position; options provided are job, organizational unit, and user. What should I do in this case?