Skip to Content

HR and Netweaver Portal User Integration Issue


We have a problem, i hope someone can lead me.

Our portal getting users on LDAP and we are creating same usernames on ECC for SSO. Also we are creating some second users for somebody. For example; My portal username is 123456 and we create same user on ECC for ESS user. But i am working at HR and i must have extra authorizations. For this reason we created a new user name like AA123456. In this case user 123456 have read authorization for XXXX infotype but AA123456 don't have.

What we can do for user deduplication or how can we distinguish user authorization?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Aug 17, 2017 at 11:28 AM

    why do you need two User Ids to begin with? Why can't you just have extra roles?

    Add comment
    10|10000 characters needed characters exceeded

  • Aug 17, 2017 at 07:45 PM

    Hi Colleen,

    In case, portal user (123456) have payroll read role for see only his pay stub. When he login in to R3 with this user , he can see all other pay stubs. But he is not working in the payroll department. He should not see the others with this user.

    For these reason we are creating two different user.

    How can we resolve this issue, do you have any suggestions ?

    Thanks for replying.

    Add comment
    10|10000 characters needed characters exceeded

    • You need to restrict users to p_pernr for their data instead of p_orgin/p_orgincon

      You have a risk if you think that 2 Ids will solve your risk

      Suggest you search for HR authorisation concept

  • Aug 23, 2017 at 10:39 AM

    Hi Abdullah,

    For your scenarios, you do not need multiple user ids for the same person.

    If you want to restrict access to certain infotypes and transactions, then you can create your own roles and provide authorizations for individual infotypes and transactions in the roles.

    This way, you can modify access of any user by assigning them various roles (for eg: Create a role with payroll read access, another role for general data read access) as per your requirement.

    Do let me know in case you face any further issues.

    Best Regards,


    Add comment
    10|10000 characters needed characters exceeded