There is a magic tool in the system that allows you to assign PFCG roles based on organization position. It means we can use org chart to say what roles and structure profiles to assign to users who holds that position. Let’s say for HR department we can assign role “HR Manager” and ALL structure profile. WHen somebody moves to HR department system will automatically assign that role and profile to him. The same if somebody leaves HR department role and profile will be revoked. There is no need to call IT to grant/revoke access. This is old mechanism, not very flexible, bo SOD control, but it works. New solution is SAP GRC.
To assign role automatically and create a user we need to perform some steps:
- User name in infotype 0105 for personnel number who will be assigned to a position with role assignment
- PFCG roles in infotype 1016 for O/S/C objects in orgchart
- Structure authorization profile in infotype 1017 in orgchart
- Run program RHPROFL0