Skip to Content
0

HR and Netweaver Portal User Integration Issue

Aug 17, 2017 at 11:05 AM

58

avatar image

Hi,

We have a problem, i hope someone can lead me.

Our portal getting users on LDAP and we are creating same usernames on ECC for SSO. Also we are creating some second users for somebody. For example; My portal username is 123456 and we create same user on ECC for ESS user. But i am working at HR and i must have extra authorizations. For this reason we created a new user name like AA123456. In this case user 123456 have read authorization for XXXX infotype but AA123456 don't have.

What we can do for user deduplication or how can we distinguish user authorization?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Colleen Hebbert
Aug 17, 2017 at 11:28 AM
0

why do you need two User Ids to begin with? Why can't you just have extra roles?

Share
10 |10000 characters needed characters left characters exceeded
Abdullah GUNES Aug 17, 2017 at 07:45 PM
0

Hi Colleen,

In case, portal user (123456) have payroll read role for see only his pay stub. When he login in to R3 with this user , he can see all other pay stubs. But he is not working in the payroll department. He should not see the others with this user.

For these reason we are creating two different user.

How can we resolve this issue, do you have any suggestions ?

Thanks for replying.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

You need to restrict users to p_pernr for their data instead of p_orgin/p_orgincon

You have a risk if you think that 2 Ids will solve your risk

Suggest you search for HR authorisation concept

0
avatar image
Former Member Aug 23, 2017 at 10:39 AM
0

Hi Abdullah,

For your scenarios, you do not need multiple user ids for the same person.

If you want to restrict access to certain infotypes and transactions, then you can create your own roles and provide authorizations for individual infotypes and transactions in the roles.

This way, you can modify access of any user by assigning them various roles (for eg: Create a role with payroll read access, another role for general data read access) as per your requirement.

Do let me know in case you face any further issues.

Best Regards,

Rohit

Share
10 |10000 characters needed characters left characters exceeded