Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SAP user assigned with roles from HR-ORG incorrectly

former_member297605
Active Participant
0 Kudos

Hi All

I have an issue where a SAP user appears to be receiving role assignments from some HR-ORG object erroneously.

I have checked the user's HR positions and organisational assignments and they do not have any roles assigned.

I also checked the job and no roles are assigned there as well.

Where could these roles be coming from if they are not coming from the position or org unit?

User currently has direct role assignments in SU01 except for 3 roles which appear as indirect assignments (HR assignments) in SU01.

Is this is a bug and is there a note to fix it?

Please could someone let me know why this is happening.

Thanks

Ran

1 ACCEPTED SOLUTION

Colleen
Advisor
Advisor
0 Kudos

Hi Ranjit

Is it definitely Org assignment and not single role belonging to composite?

If not, is position-based security (PBS) meant to be active in your system? Have you checked if PFUD has been scheduled for this scenario? Is this system part of CUA model?

If PBS is in scope, Have you tracked the user id back (0105) mapping to check for all OSP relationships where access may be inherited from?

if asking about a bug/note it might be worth mentioning which Basis Level and SP you are on?

Regards

Colleen

8 REPLIES 8

Colleen
Advisor
Advisor
0 Kudos

Hi Ranjit

Is it definitely Org assignment and not single role belonging to composite?

If not, is position-based security (PBS) meant to be active in your system? Have you checked if PFUD has been scheduled for this scenario? Is this system part of CUA model?

If PBS is in scope, Have you tracked the user id back (0105) mapping to check for all OSP relationships where access may be inherited from?

if asking about a bug/note it might be worth mentioning which Basis Level and SP you are on?

Regards

Colleen

0 Kudos

Hi Colleen.... Thanks for your email.

Please see below screenshot, it is an Org assignment but single roles also belong to composite roles.

PBS is not meant to be active and PFUD is scheduled as a daily job. CUA is not active here.

User is assigned to a position and org unit but roles are not provisioned via the Org/position. So there is a 0105 mapping, I have checked those positions and org units but no roles are assigned there.

Basis release 731 and level 0005, SP - SAPKB73105.

0 Kudos

What is your PFUD variant and does it include HR Org assignments?

0 Kudos

Hi Colleen ..... Sorry for my late reply. Here it is.

0 Kudos

Colleen.... I also have a probable fix from a colleague which I haven't tried yet. Will let you know if that fixes the issue.

cheers

Former Member
0 Kudos

Hi Ranjit,

It seems to me that is an indirect role assignment derived from a position based security strategy in your HR system.

Take a look at the link below, it might help you to see where that is coming from.

Indirect Assignment of Roles - SAP Security easy way to learn sap security!!

Regards;

Fernando

0 Kudos

This message was moderated.

0 Kudos

Hi we sorted the issue by removing Hr org selection in the PFUD job which was running every night