05-14-2007 11:34 PM
Hi,
I am working on SAP security. I have created various roles (which contains various profile according to given specifications).
There are 12 users who are accomodated under 3 organization positions. Hence each position has 4 people assigned to it.
Now instead of assigning role to each user separately, I would like to assign it to a position and then that position to each user, like this I will save the redundancy and ease maintenence, because if some user leaves the company then I would just need to assign the postion to new user and everything else will be taken care of.
Please help me on this security issue.
Thanks.
Regards,
Rajesh
Thanks.
Regards,
Tushar.
05-15-2007 9:54 AM
Hi,
You can do this by assigning the roles to the position directly through the transaction PO13 and in that select relationships and in that select B007 and add the appropriate role there and save it.
Now after this run in SA38 RHPROFL0 program and this syncronizes the User masters of the effected users.
Hope this helps
Manohar
05-15-2007 5:06 PM
Step1
U should know the Personnel number of the person u want to assign role.
Step2
PA20 to do Org assignment
Info type = get the position number
Step3
Go to PO13 for Position number
You assign the position number to Role (basically you create a relationship b/w Position number and Role here)
Define relationship B 007 Relationship type (Always select this Relationship type)
Step4
Go to SU01; create a user ID for THAT Personnel number ( If the user don't have one)
Step5
Go to PA30 you define relationship between Personnel # and User ID
Create Info Type 105, Subtype 0001
In ID/Number = User ID and save
For personnel number
Step6
Run PFUD
To update user master record i.e. to enter the role that is assigned to that position in org level. Put the Role name and select Reconcile User Master Data and execute.
Or
In SE38 Run report RHPROF0
05-17-2007 10:30 PM
05-18-2007 7:17 AM
Hi,
The steps mentioned by Tahir are infact a combination of activities of the HR and Security folks (now this division is not the same across every SAP landscape depends on how they have segragated the tasks).
But normally of these Org Assignments, 0105 Infotype maintainnence etc would be maintained mostly by the HR Data Entry group.
Now our responsibility is to make sure that these entries are maintained for sure (through PA20 for IT 0105 Subtype 0001)
and perform the remaining operations accordingly.
Hope this helps
Manohar
Message was edited by:
Manohar Kappala
05-21-2007 7:52 AM
Within the Organisation I work for... transaction PA40 is used to create a personnel number, this function also updates important infotypes under the employee record (all configurable via SPRO).
During this process, you may be asked to assign the user to a position number and org unit. If you are not asked, assign the employee personnel record to the position via PO13 (I think its relationship A008 or AY08.. one of them)
If the B007 relationship between position and role (or job key) exists, RHPROFL0 will assign the role to the user master after it has been executed.
Cheers
Nathan