Question:
Hi Gurus,
Would you please clarify me the following questions on role based security ???
1) When we use role based sucurity, do we need to create users using SU01 or how does this go ???
2) How to attatch created roles to above said SAP users???
3) How does org. structure looks like. I mean to say each org. unit is attached to some positions and each position is attached to one employee .....
4) Hope this is fully automated ? menas when an employee moved from one position to other he gets new roles assigned from new position.
5) Would you please give me step by step instructions how to go about it???
Thanks for help in advance.
Guest55
Answer:
Would you please clarify me the following questions on role based security ???
1) When we use role based sucurity, do we need to create users using SU01 or how does this go ???
Ye, Role based security is all the access a user needs to do their job, caviat some users will have more than one job, hence two roles.
2) How to attatch created roles to above said SAP users??? SU01 or PFCG all the samer code. OR attache the user to a position , role to a position and run RHPROFL0 to automate
3) How does org. structure looks like. I mean to say each org. unit is attached to some positions and each position is attached to one employee ..... A position is attached to an org unit an a person is attached to that position vis IT 0105 ST 0001 and th eroles are attached to the position if you use position based security.
4) Hope this is fully automated ? menas when an employee moved from one position to other he gets new roles assigned from new position. Yes if you use RHPROFL0
5) Would you please give me step by step instructions how to go about it???
Thanks for help in advance.
Guest55
Answer:
hi sapfan & John
In my company we have not used Structural authorisation.
All I have done is assign the job roles using Org. mangment with
in PFCG to a positions. Recently we had staff leaving the
company in HR and some of them moved positions within the
company. This caused me problems becuase HR told me
users have lost their acces when they(HR) changed these
employees position with Org. Structure.
I always thought RHPROFL0 is only used for structural authorisations
and now reading this post, I am not so sure.
If I run this program, will it assigned the employee the job role for
his /her new positions??
If you think, I should run it, then which check box in the
program I need to tick/untick.
how will I check the difference between before & after the run???
Also, how the the program response to a situation where
the employee moved to a newly created
position with no job role assigned to it yet.
thanks
Guest345
Answer:
Working as designed. Security by position is intended to be BOTH structural and Standard role assignment. If you want only the Structural authhorization to be evaluated you mark only the PD Authorization in the Generate authorization profile box. But since you are assigning rooels via PFCG to the position then and user reconcilliation you perform may remove the roles if the user is no longer in the position.
Further is the Structural authorization is not on the person's new position then the user will loose the PD profile and inherit the one assigned to SAP* which genreally is ALL access.
SO the system is working as designed it is just that HR did not know they have one more peice of responsibility when creating new positions and tha tis to deifine the roles required to perform that persons job.
Answer:
Hi john & sapfans
I am now confused person. In your reply to Gust55 you said"
"4) Hope this is fully automated ? menas when an employee moved from one position to other he gets new roles assigned from new position. Yes if you use RHPROFL0 "
I took it that If I run RHPROFL0 with PA authorisation option only ticked
this will assign the user to the role which in turn is assigned to the
NEW position the user has moved into.
As I said in my previous post, my problem is employees are losing
their access becuase HR division is moving their position within the
org strutcure. I thought the above program will assign them the job role
linked to their new position.
please advice if this is the case.
thanks
Guest345
Answer:
Yes but it will remove the access from the old position, you cannot have both. the position dictates what the user has. If you move positions then RHPROFL0 should remove the access associated fromt he old positionand add the access from the new position.
Answer:
You need to builda good relatinoship with your HR people, so that they keep you informed of changes.
We used posiiton based security and for some reason HR are incredibly fond of creating new positins at the drop of a hat so when someone gets shifted there's a fair chance thy'll end up in a new positin with no acess assigned. I need to determienwhether their new position requries same access as before or different, ie have they had a substantial job change or are teams just doing another minor restructure.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.