Hi Alpesh

This question relates to ERM in AC.

Thanks for your answers

Rothem

Hi,

You have to check authorization matrix, based upon them, you need to create Business process, sub - process, and create Roles one by one.For initial role creation , better to turn workflow off for them, it will go to generation in one flow.

To turn off workflow, you need to create a methodology which contains only Definition, Authorization, Risk Analysis and Generation. Create one condition group which is associated with new BP and sub -BP say CO and CO-SP and apply new methodology to this condition group. You existing BP roles will follow existing workflow but this new one will get generated without workflow.

After creating all roles in ERM, you may opt for mass maintainance to generate them to backend instead of generating one by one.

Regards,

Sabita

Hi All

Thanks for your answers, I would like to specify more:

What is your recommendation when needed to create a lot of roles at once:

· Use ERM for one role at a time creation? The downside is that it can take a lot of time but then the ERM is in sync with the ECC roles

· Use PFCG/SCAT and manually import roles by excel upload from ECC? The downside is that the user will need to make sure every time that all roles import into ERM

Thanks

Rothem

Hi Rothem,

If you are using Risk Terminator, then Role creation from ECC will also check for risks.

But better do it through ERM, in that way you are confirmed that there are no risks in Roles.

Regards,

Sabita

Hi

If you planning to implement a new module you should consider to hire a security expert. He/she will be able to draw out an authorization concept for you. With clean master roles it is possible to generate high volume of derived roles in PFCG. The roles should be finally tested along with rest of the module during the integration tests. After acceptance they can be uploaded to CUP (or ERM and then CUP).

Vit

Edited by: Vit Vesely on Jun 8, 2009 7:51 AM