on 01-29-2014 9:40 AM
Hi,
I implemented the IDM 7.2 the provioning of role based on HCM position,
however due to a E&H process the number of position are growing, also we need to update the matches of business role and position.
Does anyone faced with this issue?
Does anyone have another solution not based on the position?
Hi Eduardo,
What is exactly your problem, because I didn't get it?
BR,
Simona
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Eduardo,
You're pretty much going to have to do this manually. I don't know your whole process but I can see two possibilities (please bear in mind that SAP role management is not my specialty)
1. Use the Web UI and each time you get a new position manually assign everything. The good here would be the ability to search and easily assign everything, the not so good is it is provisioning one at a time and the UI can be a little slow.
2. Use a "bulk load" process and document the new role in a delimited (CSV) type file then run a job to read in the new positions with associated roles. On the good side here, it's faster, but you need to make sure your spelling and formatting are correct.
Matt
Hi Matt,
In our case we created one Web Ui task, but to maintaing this is dificult because every month that user is moved of the organization unit ( eg when they change the shift work) new positions are created.
have you implemented IDM provison role based in other thing that is not the position?
Hi Matt,
In our case we created one Web Ui task, but to maintaing this is dificult because every month that user is moved of the organization unit ( eg when they change the shift work) new positions are created.
have you implemented IDM provison role based in other thing that is not the position?
Hi Eduardo,
We use dynamic groups with selection criteria based on the our HCM attributes to automatically provision roles. We have only a small number of roles like this as our org structure is such that position is too fine grained and org unit is to wide for most business areas. So in that way you are right, there may still be a lot of requests being put through IdM manually.
Is this helpful?
Ian
Hi Eduardo
I've set up a solution where the business unit that owned the position was able to apply to have roles added. That removed the workload from 1 IDM admin and spread it across the org. Roles had owners assigned that were required to grant approval for the assignment of Role -> position.
Peter
How do you map the position to the role? What is the relationship between position and role, one role for one position text or multiple roles can be mapped to multiple positions?
How did you implement the automatic assignment in the first place?
And with the role you mean business role in IdM, not an ABAP-role?
What kind of volumes are you talking about?
You can implement the automatic assignment with context based provisioning or as simple as assigning the role to the user where "position text = role name".
All of that depends on the complexity of your data/relationship between the position and role.
regards, Tero
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Eduardo,
I am not sure I understood your actual issue.. The position text alone is then not enough to figure out what role should be assigned? Is the assignment manual in the UI?
What is the common denominator between the users that should go to Role A instead of Role B?
The requirements I've dealt with HCM-integration and any automatic role assignment differ so much that I cannot say there is any rule or best practice. It's been organizational unit, country, cost center, Z-fields..
regards, Tero
Hi Tero,
Yes the position text is not enough, eg the position name is HR analyst I, in one OU the person does the payroll, in other OU the person which has the same position name HR analyst I does the organization management,
we pretended to do it automatically,
the fiedls that youposted was helpfull, can you share the z-fiels?
we can request to the abaper to develop it
Hi Eduardo,
I would make this a business problem. If you can articulate the information you have in IdM, they should be able to define which criteria allow you yo determine who should get a role. If they can't, then you either need more information into IdM, or some additional manual intervention will be required.
Hope that helps?
Ian
Eduardo Hino wrote:
the fiedls that youposted was helpfull, can you share the z-fiels?
we can request to the abaper to develop it
Hi Eduardo,
my attribute list was just an example and I tried to highlight that there is no best practice or no one here can tell you how to do it.
As Ian said it is a business problem. You need to have requirements (by whom depends on your organization and your own role in it) analysis done first, then visit the IdM-datamodel to see whether the data in the system exists that can provide the basis for linking the users to roles. Then you must build your IdM-role model according to the requirements and build the needed configuration to connect the users to correct roles.
When you know the requirements then this forum can help you building your solution.
regards, Tero
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.