Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Position based security

Former Member

‎03-30-2009 6:14 AM

0 Kudos

What is involved in managing the shift, both technically and from a business

perspective, from user based to position based security?

What is the best available documentation on this topic please?

3 REPLIES 3

Former Member

‎03-30-2009 6:42 AM

0 Kudos

Can you pls define wht exactly you are looking into ? As m unable to get your question

Thx

Shilpa

Former Member

‎03-30-2009 8:37 AM

0 Kudos

Hi,

Position based security is the best when compare to user based security. Since organization has many employees working on same positions , a proper authorization structure should be established based on the positions. A user can have more than one positions based on the requirements and auditing guidelines.

User based security gives a big trouble on the long run, as soon as Auditing starts in the organization, you need to again build proper structure.

Regards,

Gowrinadh

Former Member
In response to Former Member

‎04-08-2009 5:47 PM

0 Kudos

Position based security is much easier to maintain if you have a good role design and well defined organisation structure, so that is often the main step in a migration.

It also minimises the security effort in joiner / leaver processing, as this becomes the provisioning of user accounts rather than constant allocations of roles as people move around the organisation or if there is a high level of staff turn over.

One UK council where I implemented position based security needs no security people doing role allocations, as this is now a by-product of the HR processes that have to be followed - only 4,000 SAP users, but shows the benefits really well.

Best approach I've followed is to get the roles to positions worked out off line to SAP and then to use a CATT script or LSMW to actually do the role to position allocations into the org. structure. If the roles are composites referencing roles on other connected SAP systems, you really can do enterprise role allocations from the HR system.

As indirect roles (from the org. structure) and direct roles (in the SU01 record) can exist quite happily together, this updating can be a phased approach, taking areas of the org structure in turn rather than going for a big bang.