01-29-2009 5:47 PM
Hello
We are designing the role & security strategy in a new implementation project. The best security strategy seems to be an indirect role assignment via SAP organizational structure. We've looked for some information about that, but we have some doubts about it (we have downloaded "HR-ORG - Indirect Role Assignment" and "User & Roles" files from SAPNet).
The organizational structure will have a lot of leaves named "explotacion". Every leaf will have a different company code, sales organization, sector and so on... On the other hand, it's a requirement that a user obtains automatically its roles when its moved through organizational structure.
Our plan consists in create several primary roles (for example, sales manager). Then we will create a lot of derivate roles which will inherit all authorizations from the parent role. However, it shouldn't inherit organization field values... Then, when this role is assigned to a position, this role should obtain all organizational field values (company code, sector, ...) from our organizational structure.
Is it possible? How can we do that?
Best regards,
02-26-2009 5:13 PM
As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon
01-29-2009 6:13 PM
That's not possible in the standard because the indirect role assignment will assign existing roles only and not change any roles.
So derive your roles for every (new) organization and connect the roles with your org chart afterwards.
02-26-2009 12:13 PM
Hello Sergio,
When we have a master and derived role concept everything gets inherited from the master role to the derived role except for the org management data.So if we have maintained the Org Level through the Org Management then it should work.
Kindly check with a test role and I am sure it would work fine..
02-26-2009 5:13 PM
As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon