The employees or users require appropriate authorizations to perform their tasks. As the authorization administrator, you can assign the roles required for this (single and/or composite roles) directly using transactions SU01, SU10, and PFCG or indirectly using the organizational management model.
If the employee changes, you do not need to assign the role to the new employee again, but only the position. In this way, the new employee automatically receives the roles assigned indirectly through the position.
Prerequisites
● You have defined an active plan variant in the current client.
● The infotype 0105 is maintained in the HR system, so that the connection between the employee and the user ID can be created.
● The Customizing switch HR_ORG_ACTIVE in table PRGN_CUST is set to YES to activate the organizational management for role administration.
● The evaluation path US_ACTGR (table T77AW) is adjusted.
● You have shown the Org.Management button (transaction PFCG ® Goto ® Settings ® Complete View).
Assigning a Role Indirectly
1. Choose Tools ® Administration ® User Maintenance ® PFCG – Roles (transaction PFCG).
2. Choose Goto ® Settings ® Total View (Organizational Management and Workflow).
The Org.Management pushbutton is then displayed on the User tab page.
3. Specify the role that you want to assign indirectly, and choose Display.
4. Choose the Org.Management button on the User tab page.
The Role: User Assignment screen appears.
5. Switch to change mode, and choose the Create Assignment pushbutton.
The system displays the Select processor type dialog box, in which you can select some or all of the following object types, depending on the evaluation path:
position, job, organizational unit, position, work center, and user.
The assignments for the User object type are then completely identical to the assignments maintained on the User tab page.
6. Select the object to which the role is to be assigned.
7. In the following dialog box, select an available object (for example, using the possible entries help) and choose Create.
The assignments created in this way are called indirect user assignments, as they are not made directly between the user and the role.
These indirect user assignments are stored as gray in the user display and highlighted in color.
Status Display and Maintenance
The status display in the Org.Management button shows whether you need to update the indirect user assignments:
● Green: User assignments are current
● Red: User assignments are not current, the indirectly assigned users are not completely displayed on the tab page.
Comparing the Indirect Role Assignments
You have the following options to update the assignment:
● Choose Org.Management and then Compare indirect user assignment.
● Perform the manual user master comparison that also automatically updates the indirectly assigned users.
● Schedule report PFCG_TIME_DEPENDENCY periodically. This report performs a complete comparison, consisting of organizational management, composite role, and profile comparisons.
● Create a variant of report RHAUTUPD_NEW (transaction PFUD), in which the HR Organizational Management Comparison indicator is set on the selection screen, and schedule this variant periodically.
● Call transaction PFUD and set the indicator HR Organizational Management Comparison on the selection screen
This means that all indirectly assigned users for which the assignment has become valid on the basis of the assignment period are directly assigned to the role, and all directly assigned users for which the assignment has become invalid are removed.
No comments:
Post a Comment