Security Process - Removing User Access Resulting from Job Change

Former Member
0 Kudos

My question is security-process related, specific to internal employee transfers (new job responsibilities). My organization has typically added requested access to a user's account, and infrequently removed access no longer required. In the event of a job transfer, the user may have more security capability than required in the new job. In the current internal process, the security administrator has no visibility into employee transfers. I'm seeking input on practical ways to remove access no longer required without impacting the user with downtime, should a proactive end-of-access date be dictated. Recommendations?

1 ACCEPTED SOLUTION

sandi_ward2
Explorer
0 Kudos

Ideally your HR Admin should notify you of such changes, or the manager responsible for the staff member.

We use position based security, but because HR did not always tell the security admin that a user had changed position, we found that users lost access (users were moved to brand new positions with no access assigned). First thing security knew about it was when the user complained.

... So we had our ABAPers whip up an auto-generated e-mail whenever a position was changed; the e-mail was sent to the security team and the service desk. They used the HR dynamic actions as the basis of the programme.

Even if your access is not linked to positions you could still receive notification of a change of position for a given personnel record.

9 REPLIES

Former Member
0 Kudos

Look into HR position based security. The security roles are assigned to HR positions.

0 Kudos

Implement Structural Authorizations in your organization. It's very helpful for employee transfers and new job responsibilities:

Structural authorizations are used to grant access to view information for personnel where HR has been implemented. Access is granted to a user implicitly by the user's position in the organizational plan. Structural authorizations are not integrated into the standard authorization concept, and structural authorization profiles are not the same as standard authorization profiles.

Example:

The use of structural authorizations can be illustrated by the following example. A manager can typically view or maintain information on employees in her organizational unit but not employees in other organizational units. When an employee moves from one unit to another, his previous manager will no longer be able to view or maintain information about him. Similarly, if a manager moves from one unit to another she will be able to see the employees in her new unit.

0 Kudos

> Implement Structural Authorizations in your organization. It's very helpful for employee transfers and new job

Structural auths have nothing to do with provisioning for employee transfers unless it involves working with HR data. As others have already pointed out, using position-based assignment can help in this area.

Robert - There is a process issue here which should be addressed. What is your process for new users? It would be relatively simple for that to be extended to movers too. Depending on your company's appetite for risk (to be honest, if you don't have an integrated movers process, they can't be too concerned) you could expire the old access immediately or after a grace period of, for example, two weeks. The grace period can help with handovers but does have potential SoD and data visibility issues.

0 Kudos

Hi

I also agree with Alex.

Position-based authorization is not the suggested approach unless the employee is from the HR department or is involved in dealing with HR data.

It is better to design the security policy with this type of issue in mind before the system is set up.

0 Kudos

> Ideally your HR Admin should notify you of such changes, or the manager responsible for the staff member.

> We use position based security, but because HR did not always tell the security admin that a user had changed position, we found that users lost access (users were moved to brand new positions with no access assigned). First thing security knew about it was when the user complained.

> ... So we had our ABAPers whip up an auto-generated e-mail whenever a position was changed; the e-mail was sent to the security team and the service desk. They used the HR dynamic actions as the basis of the programme.

> Even if your access is not linked to positions you could still receive notification of a change of position for a given personnel record.

Sandi,

You are correct, ideally the HR admin should inform security but they do not. However, there is a report that will display all the new positions without security role assignments. You can use the report to be pro-active with assigning roles to positions. Of course this is assuming you have basic role assignments for positions (clerks, office managers, directors, etc). I use the output as a source file for my SECATT scripts to populate roles to positions.

Regards,

-John N.

Former Member
0 Kudos

Hi Robert,

I would suggest that if your organization is willing, then you can go with SAP NetWeaver Identity Management, which has an absolute solution for the problem you have mentioned above. The other thing is there isn't any hard and fast rule that you can use it with SAP HCM only as the primary user management system; it could be the corporate LDAP directory as well, etc.

Regards,

Sneha Vyas.

0 Kudos

To manage authorization for a user whose job changes within the organization, you should have a properly implemented position-based authorization matrix for each functional area like FI, MM, BI, AP etc. If there is any change in a user's position, the manager or super user of that person should check his present access in SAP; only after that should a new request be raised for the access needed for the new position, and in case existing roles are not required, their removal should also be mentioned in the access form.

In my view, maintenance of a position-based matrix, or a role-based Java tool of the same type, is the best solution to manage this type of issue. A manual cross-check is mandatory because there are also some exceptional cases in the business where the same person works in two different positions.

Former Member
0 Kudos

Hi Robert ,

Here are a few of my suggestions:

1) Build one composite role for one job and assign exactly one composite role to each (internal) user. This will make sure that the user has access only to one particular job.

or

2) Start maintaining a job-id-to-role mapping. You should ask for this job id in the user access request form and also maintain it in the user master record. Give a bit of training to the local security points of contact on this model. You can then implement a procedure to remove all the roles and assign the new ones when the user changes his job.

I hope this helps.

Thanks

Rakesh
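The mover reconciliation that Alex and Rakesh describe above (a job-id-to-role mapping, old access expiring after a fixed grace period, and a check for the SoD exposure that the grace window creates), as an added Python example that is not part of this thread and not SAP or SAP NetWeaver Identity Management code. The job ids, role names, SoD rule pairs and the user's current assignments are all constructed for illustration; in practice the mapping would come from your own role matrix and the current assignments from the user master. The role naming, the 9999-12-31 open-ended date, and the OPEN_ENDED, JOB_ROLES, SOD_RULES and plan_mover names are assumptions of this example.

```python
"""Mover reconciliation for a job change: which roles to add, which to expire
after a grace period, which to hand to a human, and whether the grace window
creates a segregation-of-duties (SoD) conflict.

Added example for this thread, not SAP code. All data below is constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta

OPEN_ENDED = date(9999, 12, 31)  # conventional "no end date" on a user-master role assignment

# Hypothetical job id -> role mapping (Rakesh's suggestion 2). Constructed data.
JOB_ROLES = {
    "AP_CLERK": {"Z_FI_AP_INVOICE_ENTRY", "Z_FI_DISPLAY", "Z_BASIS_END_USER"},
    "AP_SUPERVISOR": {"Z_FI_AP_PAYMENT_RUN", "Z_FI_AP_APPROVE", "Z_FI_DISPLAY", "Z_BASIS_END_USER"},
    "MM_BUYER": {"Z_MM_PO_CREATE", "Z_MM_DISPLAY", "Z_BASIS_END_USER"},
}

# Hypothetical SoD rules: holding both roles of a pair at the same time is a conflict.
SOD_RULES = [
    frozenset({"Z_FI_AP_INVOICE_ENTRY", "Z_FI_AP_PAYMENT_RUN"}),
    frozenset({"Z_MM_PO_CREATE", "Z_FI_AP_APPROVE"}),
]


@dataclass(frozen=True)
class RoleAssignment:
    role: str
    valid_to: date = OPEN_ENDED


@dataclass
class MoverPlan:
    user: str
    add: set             # roles to assign on the transfer date
    keep: set            # roles both jobs need, left untouched
    expire: dict         # role -> valid_to to set (grace period applied)
    manual_review: set   # expiring roles that no job mapping ever granted (ad hoc access)
    sod_conflicts: list  # (role_a, role_b) pairs both active during the grace window


def plan_mover(user, current, old_job, new_job, transfer_date, grace_days=14):
    """Compute the provisioning changes for a user moving old_job -> new_job."""
    old_roles = JOB_ROLES[old_job]
    new_roles = JOB_ROLES[new_job]
    held = {a.role: a.valid_to for a in current}
    held_roles = set(held)

    add = new_roles - held_roles
    keep = held_roles & new_roles
    leaving = held_roles - new_roles        # everything the new job does not need
    manual_review = leaving - old_roles     # accumulated grants outside the old job's mapping

    cutoff = transfer_date + timedelta(days=grace_days)
    # Never extend an assignment that already ends before the grace cutoff.
    expire = {r: min(held[r], cutoff) for r in leaving}

    # During the grace window the user holds old and new roles together; with no
    # grace period only the new job's roles are active after the transfer date.
    active_window = (held_roles | new_roles) if grace_days > 0 else set(new_roles)
    sod_conflicts = sorted(tuple(sorted(p)) for p in SOD_RULES if p <= active_window)

    return MoverPlan(user, add, keep, expire, manual_review, sod_conflicts)


def example(grace_days=14):
    """Constructed scenario: an AP clerk with one leftover, time-boxed MM grant
    moves to AP supervisor on 2024-03-01."""
    current = [
        RoleAssignment("Z_FI_AP_INVOICE_ENTRY"),
        RoleAssignment("Z_FI_DISPLAY"),
        RoleAssignment("Z_BASIS_END_USER"),
        RoleAssignment("Z_MM_PO_CREATE", date(2024, 3, 10)),  # temporary cover, already ends 10 March
    ]
    return plan_mover("RSMITH", current, "AP_CLERK", "AP_SUPERVISOR", date(2024, 3, 1), grace_days)


if __name__ == "__main__":
    p = example()
    print("add:", sorted(p.add))
    print("expire:", {r: d.isoformat() for r, d in sorted(p.expire.items())})
    print("manual review:", sorted(p.manual_review))
    print("SoD conflicts during grace window:", p.sod_conflicts)
```

Two points the output makes that the thread only states in prose: the leftover Z_MM_PO_CREATE grant is not silently extended to the grace cutoff (its earlier end date wins) and is listed for manual review, since no job mapping explains it; and the two-week grace period is exactly what lets the user hold invoice entry and payment run together, so a plan with a grace period should be checked against your SoD rules before it is approved, whereas grace_days=0 yields no conflicts at the cost of the handover window.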