cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDM 7.2 Problem when position are growing

Go to solution
Former Member

on ‎01-29-2014 9:40 AM

0 Kudos

Hi,

I implemented the IDM 7.2 the provioning of  role based on HCM position,

however due to a E&H process the number of position are growing, also we need to update the matches of  business role and position.

Does anyone faced with this issue?

Does anyone have another solution not based on the position?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-29-2014 11:22 AM
0 Kudos

Hi Eduardo,


  What is exactly your problem, because I didn't get it?


BR,

Simona

Show replies
Show replies
Former Member
‎01-29-2014 12:23 PM
0 Kudos

Hi Simona,

the problem is that every time HR create a new position I need to map whats is the business role corresponding with the position on IDM.

and this volume shows so high

former_member2987
Active Contributor
‎01-29-2014 3:30 PM
0 Kudos

Eduardo,

You're pretty much going to have to do this manually.  I don't know your whole process but I can see two possibilities (please bear in mind that SAP role management is not my specialty)

1. Use the Web UI and each time you get a new position manually assign everything. The good here would be the ability to search and easily assign everything, the not so good is it is provisioning one at a time and the UI can be a little slow.

2. Use a "bulk load" process and document the new role in a delimited (CSV) type file then run a job to read in the new positions with associated roles. On the good side here, it's faster, but you need to make sure your spelling and formatting are correct.

Matt

Former Member
‎01-29-2014 3:57 PM
0 Kudos

Hi Matt,

In our case we created one Web Ui task, but to maintaing this is dificult because every month that user is moved of the organization unit ( eg when they change the shift work) new positions are created.

have you implemented IDM provison role based in other thing that is not the position?

former_member188338
Explorer
‎01-29-2014 4:14 PM
0 Kudos

Hi Eduardo,

We have provisioning for more general HCM attributes such as org unit for exactly the reason you describe. We also cover things like ESS and mss based on some more general attributes.

Hope that is helpful?

Ian

Former Member
‎01-29-2014 5:02 PM
0 Kudos

Hi Matt,

In our case we created one Web Ui task, but to maintaing this is dificult because every month that user is moved of the organization unit ( eg when they change the shift work) new positions are created.

have you implemented IDM provison role based in other thing that is not the position?

Former Member
‎01-29-2014 5:29 PM
0 Kudos

Hi Ian,

but on this way the IDM loss one of the funcionallity? because user will need to request the roles to himself

and also when user is moved on the company change department, the roles are not removed,

former_member188338
Explorer
‎01-29-2014 7:59 PM
0 Kudos

Hi Eduardo,

We use dynamic groups with selection criteria based on the our HCM attributes to automatically provision roles. We have only a small number of roles like this as our org structure is such that position is too fine grained and org unit is to wide for most business areas. So in that way you are right, there may still be a lot of requests being put through IdM manually.

Is this helpful?

Ian

Former Member
‎01-29-2014 9:14 PM
0 Kudos

Hi Eduardo

I've set up a solution where the business unit that owned the position was able to apply to have roles added.  That removed the workload from 1 IDM admin and spread it across the org.  Roles had owners assigned that were required to grant approval for the assignment of Role -> position.

Peter

Former Member
‎02-03-2014 9:29 AM
0 Kudos

Hi Ian,

Please what Hcm attributes do you usually use?

Answers (1)

Answers (1)

terovirta
Active Contributor
‎01-29-2014 7:51 PM
0 Kudos

How do you map the position to the role? What is the relationship between position and role, one role for one position text or multiple roles can be mapped to multiple positions?

How did you implement the automatic assignment in the first place?

And with the role you mean business role in IdM, not an ABAP-role?

What kind of volumes are you talking about?

You can implement the automatic assignment with context based provisioning or as simple as assigning the role to the user where "position text = role name".

All of that depends on the complexity of your data/relationship between the position and role.

regards, Tero

Show replies
Show replies
Former Member
‎02-03-2014 9:31 AM
0 Kudos

Hi Tero its very similar with your idea however the business role name has the position_id,

the HR team creates more or less 800 positions per month

Former Member
‎02-03-2014 9:31 PM
0 Kudos

800 / month?  Yeah, thats not really going to be managable.  I agree with whoever said go with something like 'organisational structure' - with that many positions the granularity is not going to be worth the effort.

Peter

terovirta
Active Contributor
‎02-05-2014 6:04 PM
0 Kudos

Like suggested you would need to pick another HCM-attribute. Or depending how the positions are named maybe you could derive the role to be assigned from the position text(?).

regards, Tero

Former Member
‎02-05-2014 6:12 PM
0 Kudos

Hi Tero,

what HCM atributte does the custommer usually use?
because the name that was put on the jobs and positions are very generic the same position name in two diffents OU do different totally things

terovirta
Active Contributor
‎02-05-2014 6:24 PM
0 Kudos

Hi Eduardo,

I am not sure I understood your actual issue.. The position text alone is then not enough to figure out what role should be assigned? Is the assignment manual in the UI?

What is the common denominator between the users that should go to Role A instead of Role B?

The requirements I've dealt with HCM-integration and any automatic role assignment differ so much that I cannot say there is any rule or best practice. It's been organizational unit, country, cost center, Z-fields..

regards, Tero

Former Member
‎02-06-2014 9:05 PM
0 Kudos

Hi Tero,

Yes the position text is not enough, eg the position name is HR analyst I, in one OU the person does the payroll, in other OU the person which has the same position name HR analyst I does the organization management,

we pretended to do it automatically,

the fiedls that youposted was helpfull, can you share the z-fiels?
we can request to the abaper to develop it

former_member188338
Explorer
‎02-06-2014 11:25 PM
0 Kudos

Hi Eduardo,

I would make this a business problem. If you can articulate the information you have in IdM, they should be able to define which criteria allow you yo determine who should get a role. If they can't, then you either need more information into IdM, or some additional manual intervention will be required.

Hope that helps?

Ian

terovirta
Active Contributor
‎02-07-2014 9:28 AM
0 Kudos 


Eduardo Hino wrote:




the fiedls that youposted was helpfull, can you share the z-fiels?
we can request to the abaper to develop it

Hi Eduardo,

my attribute list was just an example and I tried to highlight that there is no best practice or no one here can tell you how to do it.

As Ian said it is a business problem. You need to have requirements (by whom depends on your organization and your own role in it) analysis done first, then visit the IdM-datamodel to see whether the data in the system exists that can provide the basis for linking the users to roles. Then you must build your IdM-role model according to the requirements and build the needed configuration to connect the users to correct roles.

When you know the requirements then this forum can help you building your solution.

regards, Tero

Ask a Question