- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- HR-ORG - Indirect Role Assignment
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
HR-ORG - Indirect Role Assignment
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2009 5:47 PM
Hello
We are designing the role & security strategy in a new implementation project. The best security strategy seems to be an indirect role assignment via SAP organizational structure. We've looked for some information about that, but we have some doubts about it (we have downloaded "HR-ORG - Indirect Role Assignment" and "User & Roles" files from SAPNet).
The organizational structure will have a lot of leaves named "explotacion". Every leaf will have a different company code, sales organization, sector and so on... On the other hand, it's a requirement that a user obtains automatically its roles when its moved through organizational structure.
Our plan consists in create several primary roles (for example, sales manager). Then we will create a lot of derivate roles which will inherit all authorizations from the parent role. However, it shouldn't inherit organization field values... Then, when this role is assigned to a position, this role should obtain all organizational field values (company code, sector, ...) from our organizational structure.
Is it possible? How can we do that?
Best regards,
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-26-2009 5:13 PM
As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2009 6:13 PM
That's not possible in the standard because the indirect role assignment will assign existing roles only and not change any roles.
So derive your roles for every (new) organization and connect the roles with your org chart afterwards.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-26-2009 12:13 PM
Hello Sergio,
When we have a master and derived role concept everything gets inherited from the master role to the derived role except for the org management data.So if we have maintained the Org Level through the Org Management then it should work.
Kindly check with a test role and I am sure it would work fine..
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-26-2009 5:13 PM
As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon
- SAP Managed Tags:
- Security
