
SOD for Composite Roles

former_member187795
Participant
0 Kudos

Hi All,

I have a risk analysis scenario as described below.

User has selected 3 composite roles in the request.

Role owner performed risk analysis.

Risk analysis report has High level risks and Medium level risks.

When I drill down to the report, risks are between

First Composite Role - Child Role 1 with

Second Composite Role - Child Role 2

Apart from that everything is fine.

Now if the role owner wants to reject the role causing risks, he should reject the entire composite role rather than the single roles within it.

As per role design this is fine. But from risk analysis point of view, rejecting a composite role with 20 other roles just for this one role which has risks is not justifiable.

Has anyone come across this kind of scenario?

Any good practices while creating SOD rules with Composite role design?

Please share your views.

Regards,

Sai.

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Dear Sai,

We have similar cases in our enterprise and there is only one approach from my point of view: change the composite roles. Since it is not possible to reject a single role in a composite, you have to change the composite assignments.

Just for your information: I am changing composite roles daily to avoid SOD conflicts as users have several composite roles assigned.

As a very good approach we are trying to avoid "critical" single roles in composite roles. For example Sales Order Entry, Customer Master Data Maintenance, Payment Execution, etc. aren't assigned in a composite role. These "critical" single roles are assigned to users.

Basically I say a composite role should cover 80% of all required roles for a function. Critical assignments should be given based on the end user.

Hope this helps.

Regards,

Alessandro
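The design rule from this answer, as an added example that is not part of the thread and uses no SAP interface: it traces each SoD hit back to the requestable line item, then pulls the rule-relevant single roles out of the composites so the conflict can be rejected on its own line. All role names and the two-rule rule set are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data (hypothetical role names, not from the thread).
COMPOSITES = {
    "ZC_SALES_CLERK": ["ZS_SALES_ORDER_ENTRY", "ZS_SALES_DISPLAY"],
    "ZC_AP_CLERK": ["ZS_PAYMENT_EXECUTION", "ZS_INVOICE_DISPLAY"],
    "ZC_REPORTING": ["ZS_REPORTS"],
}
# Constructed SoD rule set: single roles that must not meet in one user.
SOD_RULES = {
    frozenset({"ZS_SALES_ORDER_ENTRY", "ZS_PAYMENT_EXECUTION"}): "High",
    frozenset({"ZS_CUST_MASTER_MAINT", "ZS_SALES_ORDER_ENTRY"}): "Medium",
}

def flatten(request, composites):
    """Expand a request into (requestable item, single role) pairs."""
    return [(item, single)
            for item in request
            # An item that is not a composite is a directly requested single role.
            for single in composites.get(item, [item])]

def find_conflicts(request, composites):
    """Return (level, item_a, single_a, item_b, single_b) for each SoD hit."""
    hits = []
    for (ia, sa), (ib, sb) in combinations(flatten(request, composites), 2):
        level = SOD_RULES.get(frozenset({sa, sb}))
        if level:
            hits.append((level, ia, sa, ib, sb))
    return hits

def collateral(item, composites):
    """Unrelated single roles lost when the approver rejects this line item."""
    return len(composites.get(item, [item])) - 1

def extract_critical(composites):
    """Split composites into slimmed composites and the critical roles removed."""
    critical = set().union(*SOD_RULES)  # every single role named in a rule
    slim = {c: [s for s in kids if s not in critical]
            for c, kids in composites.items()}
    removed = sorted(s for kids in composites.values()
                     for s in kids if s in critical)
    return slim, removed

if __name__ == "__main__":
    request = list(COMPOSITES)
    print("before:", find_conflicts(request, COMPOSITES))
    slim, direct = extract_critical(COMPOSITES)
    print("after: ", find_conflicts(request + direct, slim))
```

Before extraction the hit is attributed to two composite line items, so rejecting either one also drops its unrelated child roles; after extraction the same hit sits on two single-role line items with zero collateral.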

former_member187795
Participant
0 Kudos

Dear Alessandro,

Thank you so much for sharing your views.

I will try to put forward the same point of view in our project to avoid critical single roles being included in composite roles. This would be the best possible approach as of now for our scenario.

Will discuss and update you on the client's views on this.

Regards,

Sai.

Answers (0)