05-13-2014 3:40 AM
Hi All
I have an issue where a SAP user appears to be receiving role assignments from some HR-ORG object erroneously.
I have checked the user's HR positions and organisational assignments and they do not have any roles assigned.
I also checked the job and no roles are assigned there as well.
Where could these roles be coming from if they are not coming from the position or org unit?
User currently has direct role assignments in SU01 except for 3 roles which appear as indirect assignments (HR assignments) in SU01.
Is this is a bug and is there a note to fix it?
Please could someone let me know why this is happening.
Thanks
Ran
05-13-2014 4:38 AM
Hi Ranjit
Is it definitely Org assignment and not single role belonging to composite?
If not, is position-based security (PBS) meant to be active in your system? Have you checked if PFUD has been scheduled for this scenario? Is this system part of CUA model?
If PBS is in scope, Have you tracked the user id back (0105) mapping to check for all OSP relationships where access may be inherited from?
if asking about a bug/note it might be worth mentioning which Basis Level and SP you are on?
Regards
Colleen
05-13-2014 4:38 AM
Hi Ranjit
Is it definitely Org assignment and not single role belonging to composite?
If not, is position-based security (PBS) meant to be active in your system? Have you checked if PFUD has been scheduled for this scenario? Is this system part of CUA model?
If PBS is in scope, Have you tracked the user id back (0105) mapping to check for all OSP relationships where access may be inherited from?
if asking about a bug/note it might be worth mentioning which Basis Level and SP you are on?
Regards
Colleen
05-13-2014 6:18 AM
Hi Colleen.... Thanks for your email.
Please see below screenshot, it is an Org assignment but single roles also belong to composite roles.
PBS is not meant to be active and PFUD is scheduled as a daily job. CUA is not active here.
User is assigned to a position and org unit but roles are not provisioned via the Org/position. So there is a 0105 mapping, I have checked those positions and org units but no roles are assigned there.
Basis release 731 and level 0005, SP - SAPKB73105.
05-13-2014 11:31 PM
05-15-2014 6:02 AM
05-15-2014 6:05 AM
Colleen.... I also have a probable fix from a colleague which I haven't tried yet. Will let you know if that fixes the issue.
cheers
05-13-2014 2:59 PM
Hi Ranjit,
It seems to me that is an indirect role assignment derived from a position based security strategy in your HR system.
Take a look at the link below, it might help you to see where that is coming from.
Indirect Assignment of Roles - SAP Security easy way to learn sap security!!
Regards;
Fernando
09-18-2014 8:42 AM
09-18-2014 9:16 AM
Hi we sorted the issue by removing Hr org selection in the PFUD job which was running every night