Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP R/3 : Indirect Role assignments - Is position unique to every user?

Go to solution
Former Member

‎11-22-2011 3:52 AM

0 Kudos

Hi.

While am exploring /learning SAP R/3 roles and auth, I would appreciate if I could get clarity on the following :

This link on SDN on Indirect role assignments are very informative.

http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/f03e6f6c-8c16-2a10-1581-ed8812e2effe

This link is also more explanatory : http://my.affinitext.com/public/book/5442/-1/1423831

So if my understanding is correct, it is better to assign roles - indirectly by position, so that if an employee's position changes, his role can be removed, based on position again ??? And somewhere we are linking with infotype 105.

My only doubt is : if we are going to assign roles by position and remove the roles by position, so that as the position of an employee changes, the previous roles become null and void and new roles can be assigned as per new position.

So would like to know :

as to whether this position number which we see from PA20, is unique to every user on the system ?

So that, if there is a need to remove a role based on postion, we could remove the role from PO13;

BY doing that, then will it not affect other users ?

Can somebody help me understand this.

Because if i want to see the effect immediately, if i go to PFUD and put the role name and say execute, i see that the role which was removed from PO13 is gone immediately from the user.

Many thanks

Indu

Edited by: Indumathy Narayanan on Nov 22, 2011 9:25 AM

1 ACCEPTED SOLUTION

Go to solution
former_member204634
Participant

‎11-22-2011 6:31 AM

0 Kudos

Hi

I think your question actually is "when position of an employee changes and their access requirement changes - and if position is not unique then how will other users assigned to same position will be affected ? "

"So that, if there is a need to remove a role based on postion, we could remove the role from PO13;

BY doing that, then will it not affect other users ? "

Say an employee A has a job function J and for this job function (line of task) a position P has been assigned to the employee. Now roles which will provide authorization for executing job function in SAP are assigned to this position P and hence user is able to receive authorizations indirectly based on their job function.

Now if their job function changes to another task say K then role would not be removed from existing position to which employee has been assigned which is P but the user's relationship with position (holder) would be removed from position and user's personnel number would then be assigned to a new position (based on their job function/line of task/organization structure).

So its not that the from the position roles would be removed so that the existing position reflects the new job function of the enployee; but employee would be assigned to a new position which maps to their job function. So other employees who continue to remain associated with original job function J and hence position P would remain unaffected by any changes pertaining to employee A.

Hope this helps you out

Prashant

7 REPLIES 7

Go to solution
martin_voros
Active Contributor

‎11-22-2011 4:14 AM

0 Kudos

Hi,

no, position is not unique for each user. You can have multiple employees assigned to one position.

Cheers

Go to solution
Former Member

‎11-22-2011 4:45 AM

0 Kudos

Hi Indu,

Usually only one user will be assigned to a position , but that varies from client to client . that depends on how your org structure is designed.

you can check in po13 if there are more than one holders for that position, if so the role changes assigned to position will impact all the users assigned to the position.

Thanks,

Sanketh.

Go to solution
former_member204634
Participant

‎11-22-2011 6:31 AM

0 Kudos

Hi

I think your question actually is "when position of an employee changes and their access requirement changes - and if position is not unique then how will other users assigned to same position will be affected ? "

"So that, if there is a need to remove a role based on postion, we could remove the role from PO13;

BY doing that, then will it not affect other users ? "

Say an employee A has a job function J and for this job function (line of task) a position P has been assigned to the employee. Now roles which will provide authorization for executing job function in SAP are assigned to this position P and hence user is able to receive authorizations indirectly based on their job function.

Now if their job function changes to another task say K then role would not be removed from existing position to which employee has been assigned which is P but the user's relationship with position (holder) would be removed from position and user's personnel number would then be assigned to a new position (based on their job function/line of task/organization structure).

So its not that the from the position roles would be removed so that the existing position reflects the new job function of the enployee; but employee would be assigned to a new position which maps to their job function. So other employees who continue to remain associated with original job function J and hence position P would remain unaffected by any changes pertaining to employee A.

Hope this helps you out

Prashant

Go to solution
Former Member
In response to former_member204634

‎11-22-2011 8:14 AM

0 Kudos

Hi All.

Thanks for your responses.

If my understanding is correct from the responses :

position could be either unique (or ) non-unique.

in case the position is defined to be unique for a organisation, then removing a role, based on position,

will affect only that particular employee.

BUT in case - for a company the position is not unique.

Am a bit confused.

As as prashant says.

IF user1 moves from position A TO Position B.

and in Position A user1 had roles r1,r2,r3 - related to position A.

and in new position B. user1 now is supposed to have new roles R5,R6,R7 - which you again assign as per new position B.

Does that mean, when the position is not uniquely defined,

the person moves from postion A to position B,

then user1 WILL HAVE roles r1,r2,r3 as well as NEW roles R5, R6, R7 ?

And you have to manually go the user1 AND Remove roles R1, R2, R3 ?

OR may be run a background job, which takes care of these ?

How does these new roles get added ? and old roles get removed with the change in position of an employee

when the position is not uniquely defined ?

Could you please help me understand this.

thanks

indu

Go to solution
former_member204634
Participant
In response to former_member204634

‎11-22-2011 8:57 AM

0 Kudos

Hi Indi

"IF user1 moves from position A TO Position B.

and in Position A user1 had roles r1,r2,r3 - related to position A.

and in new position B. user1 now is supposed to have new roles R5,R6,R7 - which you again assign as per new position B.

"

-1. For roles to be assigned to user indirectly; you need

(a) Define SAP user id mapping to user's personnel number in PA30 (Infotype 0105 and sub type 0001)

(b) Define relationship between position and personnel number (holder) in PO13

In this way HR roles are assigned to user id based on position assigned to user (via the holder relationship)

-2. If user moves from position A to B; then:

(a) It is required to remove holder relationship which exists between user's personnel number and position in PO13

(b) Assign holder relationship between new position B and personnel number

This work should be handled by HR dept.

- When user comparison for roles related to position A and B will take place; the role will be automatically removed/added as per the new relationship defined in PO13.

I hope this clarifies your doubt.

Go to solution
Former Member
In response to former_member204634

‎11-22-2011 9:03 AM

0 Kudos

Thanks a lot Prashant.

I will read about Infotypes and user mappings. So that i could understand what this means.

Go to solution
Former Member
In response to former_member204634

‎12-07-2011 6:09 AM

0 Kudos

GOT IT THANKS.

Hi Prashant.

Good morning and wishes.

Can you please help me understand this.

I understand from HR person that position is uniquely defined (from hire to retire)

and roles are generally given based on position.

However, I see a person : whose roles have been assigned as per position all these years.

He had 2 roles in project A. He now moved into a different project B.

But. when i check, i still see the roles - reflecting on SU01 & well as in the tab of user of the role X under pfcg.

BUT when i check PO13 - and put the position / relationship and say overview.

I dont see the roles at all there.

Why this is so. Why the discrepancy on different screens.

Also How can I get a confirmation that - these roles are actually removed and is not there for the user.

Rather.

How could the removal of roles based on position become completely effective on the system.

So that all screens display the same information.

Also would like to know - whether it is ok to remove the role expiry date directly from PFCG/ROLE Display/user tab/select user/

and then make the role invalid or expired / or extend the expiry.

Many thanks.

Indu

Edited by: Indumathy Narayanan on Dec 7, 2011 12:09 PM

Edited by: Indumathy Narayanan on Dec 7, 2011 1:42 PM

Edited by: Indumathy Narayanan on Dec 7, 2011 5:17 PM