Here we have a position and employee holding it. An employee has 0105 infotype record with system username. Boom, we have everything to set up automatic permission roles assignment to this user based on his position or job in the organizational chart. If that Vasya was hired to a manager role, he’ll get manager role assigned to him the same time we have 0001 infotype created. When he moves to HR Director his manager role is revoked and a new one assigned to HR Director. Once he gets terminated all permissions are revoked immediately. Information Security Officer will adore you. Here is a standard solution to assign permission roles in SAP HR.
Should we do this?
Several steps to setup orgchart and permission roles assignment
First of all, we schedule daily/hourly job for PFCG_TIME_DEPENDENCY report. This report does the maintenance for roles, deleting old, assigning new, generating profiles and other stuff.
Turn on the switch HR_ORG_ACTIVE in PRGN_CUST view to ‘YES’.
Adjust evaluation path US_ACTGR (T77AW view) to your orgchart. pay attention there is a new object – AG. This is a role from PFCG transaction.
For our convenience let’s activate Organizational management button in PFCG: PFCG ? Goto ? Settings ? Complete View.
Then create a relation to S object:
Run PFUD transaction with ‘HR Organizational Management: Reconciliation’ checked on.
We’re all set. Open SU01, find your user and you’ll see a role assigned there.
Another way to ensure is to open your role in PFCG and hit that ‘Organizational Management’ button we activated above.