on 04-29-2011 2:12 PM
Hi Experts,
Can the authorizations in Nakisa modules be managed independently from those defined in SAP Back-End/Portal knowing that SSO is needed ? Does it depend on the Nakisa module version ?
To provide more details : hereafter are the requirements. Is it possible with standard features ?
HR user authorization :
- In Back-End/Portal (ECC6.0 EhP4) : Restricted access based on structural authorization and filter on grade (No issue for that thanks to SAP)
- In Succession Planning (V3.0 SP1) with SSO : Same restricted access as in Back-End/Portal (No issue for that since from what I understand, authorization are leverage in NAKISA from SAP)
- In OrgChart (V1.1) with SSO : No restriction, every employee must be seen => Issue ?
Manager authorization :
- In Back-End/Portal : Restricted access based on structural authorization (No issue for that thanks to SAP)
- In OrgChart (V1.1) with SSO : Same restricted access as in Back-End/Portal => Issue/conflict with previous requirement for HR user authorization ?
Thanks for your help.
Cheers.
Hi Kevin,
There are 5 roles assigned to different users in Nakisa,
With Role Mapping you can link the Nakisa roles to SAP roles. The assignment to the SAP roles are at back of Admin guide.
Executive /NAKISA/OM_COMMON
IDESUS_EXEC_LINEMANAGER_MENU
Everyone /NAKISA/OM_COMMON
ROLE_EVERYONE
Assistant /NAKISA/OM_COMMON
IDESUS_ASSISTANT_LINEMANAGER_M
HR (Human Resources)
/NAKISA/OM_COMMON
IDESUS_HR_ESS_MENU
Manager /NAKISA/OM_COMMON
IDES_HR_MANAGER
When user accesses information that requires them to make a call to SAP, the connection string is used.
Depending to how Nakisa is set up, the user name and password of the user will be used in this connection string.
Hope this helps,
Kind Regards,
Matthew
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kevin,
I am unsure exactly on your requirements and what your question is. If it is not resolved by Matthew's post then please let me know what issues you still have.
Best regards,
Luke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Luke, Hi Matthew,
Let me reword just to be sure : Can the following authorization requirements for Nakisa modules be implemented thanks to Nakisa standard features in the described context ?
Context :
- An HR user has authorizations defined in SAP Back-End/Portal with structural authorization and filter on population.
Authorization requirements for Nakisa modules :
- From SAP Portal and under SSO, this HR user connects to Succession Planning (V3.0 SP1) with same restriction as in SAP
- From SAP Portal and under SSO, the same HR user connects to OrgChart (V1.1) without any restriction (every employees must be seen)
Thanks to you both.
HI Kevin,
Context :
- An HR user has authorizations defined in SAP Back-End/Portal with structural
authorization and filter on population.
If you are using OrgChart in Live mode with any authentication mode other than anonymous then these authorizations will be used for all calls by OrgChart to SAP.
Authorization requirements for Nakisa modules :
- From SAP Portal and under SSO, this HR user connects to Succession Planning (V3.0
SP1) with same restriction as in SAP
This will be the same, although if you are using EhP4 an Area of Responsibility must be set between the Position of the HR user and the OrgUnit(s) for which they are responsible for Succession Planning.
- From SAP Portal and under SSO, the same HR user connects to OrgChart (V1.1)
without any restriction (every employees must be seen)
This will only work if you use anonymous authentication or the Staged mode. The structure may be visible to everybody if you do not make any customizations for dynamic rooting, although this depends on your authorizations.
I hope that helps.
Best regards.
Luke
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.