cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAKISA : Flexibility of authorization management

Go to solution
Former Member

on ‎04-29-2011 2:12 PM

0 Kudos

Hi Experts,

Can the authorizations in Nakisa modules be managed independently from those defined in SAP Back-End/Portal knowing that SSO is needed ? Does it depend on the Nakisa module version ?

To provide more details : hereafter are the requirements. Is it possible with standard features ?

HR user authorization :

- In Back-End/Portal (ECC6.0 EhP4) : Restricted access based on structural authorization and filter on grade (No issue for that thanks to SAP)

- In Succession Planning (V3.0 SP1) with SSO : Same restricted access as in Back-End/Portal (No issue for that since from what I understand, authorization are leverage in NAKISA from SAP)

- In OrgChart (V1.1) with SSO : No restriction, every employee must be seen => Issue ?

Manager authorization :

- In Back-End/Portal : Restricted access based on structural authorization (No issue for that thanks to SAP)

- In OrgChart (V1.1) with SSO : Same restricted access as in Back-End/Portal => Issue/conflict with previous requirement for HR user authorization ?

Thanks for your help.

Cheers.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-29-2011 3:00 PM
0 Kudos

Hi Kevin,

There are 5 roles assigned to different users in Nakisa,

With Role Mapping you can link the Nakisa roles to SAP roles. The assignment to the SAP roles are at back of Admin guide.

Executive /NAKISA/OM_COMMON

IDESUS_EXEC_LINEMANAGER_MENU

Everyone /NAKISA/OM_COMMON

ROLE_EVERYONE

Assistant /NAKISA/OM_COMMON

IDESUS_ASSISTANT_LINEMANAGER_M

HR (Human Resources)

/NAKISA/OM_COMMON

IDESUS_HR_ESS_MENU

Manager /NAKISA/OM_COMMON

IDES_HR_MANAGER

When user accesses information that requires them to make a call to SAP, the connection string is used.

Depending to how Nakisa is set up, the user name and password of the user will be used in this connection string.

Hope this helps,

Kind Regards,

Matthew

Show replies
Show replies

Answers (1)

Answers (1)

lukemarson
Active Contributor
‎05-02-2011 12:19 PM
0 Kudos

Hi Kevin,

I am unsure exactly on your requirements and what your question is. If it is not resolved by Matthew's post then please let me know what issues you still have.

Best regards,

Luke

Show replies
Show replies
Former Member
‎05-04-2011 12:00 PM
0 Kudos

Hi Luke, Hi Matthew,

Let me reword just to be sure : Can the following authorization requirements for Nakisa modules be implemented thanks to Nakisa standard features in the described context ?

Context :

- An HR user has authorizations defined in SAP Back-End/Portal with structural authorization and filter on population.

Authorization requirements for Nakisa modules :

- From SAP Portal and under SSO, this HR user connects to Succession Planning (V3.0 SP1) with same restriction as in SAP

- From SAP Portal and under SSO, the same HR user connects to OrgChart (V1.1) without any restriction (every employees must be seen)

Thanks to you both.

lukemarson
Active Contributor
‎05-04-2011 12:13 PM
0 Kudos

HI Kevin,

 Context :
- An HR user has authorizations defined in SAP Back-End/Portal with structural 
authorization and filter on population.

If you are using OrgChart in Live mode with any authentication mode other than anonymous then these authorizations will be used for all calls by OrgChart to SAP.

Authorization requirements for Nakisa modules :
- From SAP Portal and under SSO, this HR user connects to Succession Planning (V3.0 
SP1) with same restriction as in SAP

This will be the same, although if you are using EhP4 an Area of Responsibility must be set between the Position of the HR user and the OrgUnit(s) for which they are responsible for Succession Planning.

- From SAP Portal and under SSO, the same HR user connects to OrgChart (V1.1) 
without any restriction (every employees must be seen)

This will only work if you use anonymous authentication or the Staged mode. The structure may be visible to everybody if you do not make any customizations for dynamic rooting, although this depends on your authorizations.

I hope that helps.

Best regards.

Luke

StephenBurr
Active Contributor
‎05-04-2011 12:15 PM
0 Kudos

Hi Kevin,

Absolutely yes to your questions.

The security is independent in each module so you can set SP to use backend authorisations and have OrgChart to utilise Nakisa's roles to ensure they can see every employee.

Stephen

Ask a Question