Hi all,

we are working on a Security project and the final goal is to manage all authorizations with HR-OM (organizational management).

The most of users are working on ECC6 system which is a different system respect the HR.

Up to now, we are designing the roles through the concept of composite roles (job roles) and simple roles.

The standard SAP approach is based on the chain u201CPerson-User (infotype 105)/ position/job/organizational unitsu201D but, since in our situation the HR-OM is on a different system respect the ECC6, we cannot assign users and roles to HR-OM positions.

In HR system we have all employees (linked with users through infotype 105-0001) distributed in the HR-OM structure.

In ECC6 system we have all users and all necessary roles.

The question is: how we can link the HR system (having PA and OM) with the ECC6 system (having users and roles)?

We imagine the following scenarios:

1) Replicate the HR-OM structure (with PFAL transaction) on ECC6 system and make the link position/roles in the ECC6 system

2) Create a custom table in HR system in which we maintain the relationship position/roles then we create an ABAP program which compute in the ECC6 system the link users/roles

3) We implement an Identity Management solution which will be the bridge between SAP HR and ECC6

4) We implement a CUA in the HR-system (not sure it makes sense)

Do you have suggestions ?

Andrea