Assign permission roles through organisation chart

Here we have a position and employee holding it. An employee has 0105 infotype record with system username. Boom, we have everything to set up automatic permission roles assignment to this user based on his position or job in the organizational chart. If that Vasya was hired to a manager role, he’ll get manager role assigned to him the same time we have 0001 infotype created. When he moves to HR Director his manager role is revoked and a new one assigned to HR Director. Once he gets┬áterminated all permissions are revoked immediately. Information Security Officer will adore you. Here is a standard solution to assign permission roles in SAP HR.

Should we do this?

Read More

Automatic PFCG roles assignment

There is a magic tool in the system that allows you to assign PFCG roles based on organization position. It means we can use org chart to say what roles and structure profiles to assign to users who holds that position. Let’s say for HR department we can assign role “HR Manager” and ALL structure profile. WHen somebody moves to HR department system will automatically assign that role and profile to him. The same if somebody leaves HR department role and profile will be revoked. There is no need to call IT to grant/revoke access. This is old mechanism, not very flexible, bo SOD control, but it works. New solution is SAP GRC.

Read More