cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PC 2.5 - Corporate level Roles

Go to solution
yudittzruya
Participant

on ‎04-19-2009 8:35 PM

0 Kudos

Hello All,

We a dilemma regarding the assignment of the u201CInternal Controlleru201D Role (which is in the corporate level).

The management want a certain user to be the Internal Controller for all the process and organizations except the ones related to HR.

Meaning they do not want this user to have access to test results that concerns Payroll data and so on.

Because the u201CInternal Controlleru201D role is in the corporate level I canu2019t exclude one of the HR organization and/or process from this.

Does anybody has an idea for a solution ?

Thanks

Yudit

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-27-2009 2:25 PM
0 Kudos

Yudit,

The problem is that corporate roles span all organizations. The only thing I can think of is to identify all tasks that allow this access. DISP-TSTRE most likely, but possibly also DISP-REPT, DISP-CDASS

DISP-CEASS and a few others. Remove these tasks from the Internal Controller role, create org level reporting roles and assign all of these tasks to those roles roles except for payroll to the Internal controller role. Kind of ugly because you'll then have to assign several roles for reporting purposes. You could also modify your org structure to simplify this requirement by having Payroll off by itself. This way you won't have to assign 30 organizational reporting roles. Best case scenario you could have 2 org level reporting roles for reporting: payroll and nonpayroll.

But your issue is not just for Corporate controller role, it is for several others as well. DISP-TSTRE is in COR-AUDMGR, COR-CEOCFO, COR-INTAUD and other lower level roles that are probably OK because the resposible people for those areas are probably assigned.

This is going to require some security customization and a fair amount of trial and error. We did a fair amount of this ourselves. We did a presentation at GRC2009 that had a handout on security structure youi might find helpful. See if you can find someone who attended. If not, I can forward it to you.

I hope this helps.

Matt

Show replies
Show replies
yudittzruya
Participant
‎05-14-2009 9:02 PM
0 Kudos

Thank you all for the support.

Matt, it would be great if you can send me the presentation.

regarding the role assignment, when we try to assign the tester role (on the process level), the fields are not open for editing.

This happens only with that role - should we try to assign this role in a deferent way from the others

Thanks

Yudit

Answers (1)

Answers (1)

former_member192417
Active Participant
‎04-19-2009 10:56 PM
0 Kudos

Hi Yudit

PC2.5 supports both NWBC level and PFCG level authorization.Please do not provide PFCG level authorization to the Internal Control Manager user for the specific transaction for the HR,which you dont want to.

Thanks

Debraj Roy

Show replies
Show replies
Ask a Question