11-26-2009 5:40 AM
11-26-2009 6:35 AM
Whenever you have master-derived role concept, always change all non organization fields in master role and distribute it to the child roles by "Generate derived roles" in authorization tab. changes will be distributed to all the derived roles automatically. For non org related field if you manually change in child roles that are very risky, because by any mistake somebody distributes the changes in master roles it will overwrite the manual changes in child role. So, it's better to change in master and distribute to child role.
( or )
Using report PFCG_ORGFIELD_CREATE you can change a non org field to org field. Let say if you have different doc type for different business unit, you can make the field BLART (doc type) as org field by using PFCG_ORGFIELD_CREATE. Then you can easily maintain diff doc type for diff business. Hope this is the strategy what you were looking for.
11-26-2009 6:35 AM
Whenever you have master-derived role concept, always change all non organization fields in master role and distribute it to the child roles by "Generate derived roles" in authorization tab. changes will be distributed to all the derived roles automatically. For non org related field if you manually change in child roles that are very risky, because by any mistake somebody distributes the changes in master roles it will overwrite the manual changes in child role. So, it's better to change in master and distribute to child role.
( or )
Using report PFCG_ORGFIELD_CREATE you can change a non org field to org field. Let say if you have different doc type for different business unit, you can make the field BLART (doc type) as org field by using PFCG_ORGFIELD_CREATE. Then you can easily maintain diff doc type for diff business. Hope this is the strategy what you were looking for.
11-26-2009 6:52 AM
Hi Raja,
Thanks for the reply.Actually I have a set of composites and I have to add a PO doc type to the derived roles used in these composites only.
It would be great if you can provide me a solution for this situation.
11-26-2009 7:57 AM
1. Please discuss with your basis team to give authorization to a particular document types only in PO for a user.
( or )
2. Create separate role and for this role assign those document types and assign users. Assigned user can create PO with the document type assigned in that particular role.
11-26-2009 9:01 AM
Hi Raja,
Thats what I want to know, how do we do that. Where can I find details about document types as I am not very clear about its concept. And secondly whats the procedure for adding a DOC type to a role.
11-26-2009 9:49 AM
This is very basic security principles. Your security team will know exactly how to solve this issue. I recommend that you speak to them and they will be able to advise. Raja has already given you all the information you require to investigate the issue.
If you have been tasked with this then I strongly recommend that you contact a member of your company or team who can talk you through it and give you some training at the same time.
If you want to learn more about document types then speak to your functional team who will explain what they are used for in the context of the companies business processes. There are doc types used in lots of different areas and they have corresponding authorisation objects that need to be updated in the master role.
11-26-2009 9:54 AM