‎2008 Oct 27 10:03 PM
Hi all,
We are implementing ECC 6.0 with HR, doing a position based security approach. We also have BI and SRM 5.5 in place. We are going to use EP 6.2 as a front end.
We expected to have several hundred users accessing EP and changing positions in HR. How can we synchronize Role to user assignment between portal and ABAP boxes, but from the ABAP side? I mean, not creating authorization roles since this means that Portal is controlling the user assignment.
Users will be moving positions and getting new access on the backend system and they need to synchronize this with Portal.
Any help will be highly appreciated.
Regards,
Juan
‎2008 Oct 28 1:25 AM
Hi Juan,
Although Users log into Portal and access all the Content through Enterprise Portal, the actual Content is fetched from the Backend ABAP System (ECC, BI, SRM).
I think you cannot get away without building roles and authorizations for the users in the backend systems.
You can have Portal roles and authorizations to display the iViews in the Portal but the authorizations for the actual Content must be granted from the backend system.
The only way I can think of when Users are changing Positions and you want to make sure that they have the right authorizations is through HR Structural Authorizations in the backend system.
I think whenever a User changes his Position/HR title, you need to sync the Portal UME Authorization Setup with the Backend HR structural Authorizations.
I know this is just a start and there may be some complexity in achieving it.
Hope this helps.
Regards,
Kiran Kandepalli.
‎2008 Oct 28 2:24 AM
Thanks Kiran. I think I need to clarify what exactly I was referring to.
I understand all authorizations are being done and handled on the ABAP/backend system, but my concern, due to the high rotation of users to positions, is how to have a single point of user to role assignment management. For instance, when a user is moved from position A to B on the org. structure, ABAP roles are being reassigned but I want the Portal roles for this user to be automatically updated as well.
Thanks,
Juan
‎2008 Oct 29 10:30 AM
You can do the portal assignment in many different ways.
You can use an LDAP directory as the enabler since the portal can use it as a source for user information.
You can also synchronise the backends with the portal:
http://help.sap.com/saphelp_nw04s/helpdata/en/45/60a5f35a643be0e10000000a1553f7/frameset.htm
And of course, you can start using SAP NetWeaver Identity Manager as the enabler for this, but then your solution will grow.
Check the Identity Management pages at SAP Help for very helpful information:
http://help.sap.com/saphelp_nw04s/helpdata/en/81/0e0f61b566dc44bbb4055b3ccd25be/frameset.htm
Regards Fredrik
‎2008 Oct 29 2:45 PM
>
> Hi all,
>
> We are implementing ECC 6.0 with HR, doing a position based security approach. We also have BI and SRM 5.5 in place. We are going to use EP 6.2 as a front end.
> We expected to have several hundred users accessing EP and changing positions in HR. How can we synchronize Role to user assignment between portal and ABAP boxes, but from the ABAP side? I mean, not creating authorization roles since this means that Portal is controlling the user assignment.
> Users will be moving positions and getting new access on the backend system and they need to synchronize this with Portal.
> Any help will be highly appreciated.
>
> Regards,
>
> Juan
Juan,
What a coincidence, we are running ECC 6.0, SRM 5, BI, HR position-based security with CUA and users through EP. And guess what, we got it working here like a champ.
I'll try to lay out our design and just let me know if you need details in certain areas.
EP – The UME is pointing to the ECC 6.0 for user authentication.
- The EP group/role points to an ECC 6.0 backend role.
- iViews are displayed based on role assignments
ECC 6.0 – Master CUA for SRM and BI
- Security Roles are assigned to Positions
- PDs are also assigned to Positions
- Critical nightly Job
  1. SCUM to Local
  2. RHPROFL0 for all Positions with the current date as “key date”
  3. SCUM to Global
  4. PFUD all roles
SRM & BI Roles – Composite Roles with the child role pointing to the SRM or BI systems. We are using “variables” to point to the external system like SRM or BI.
SRM & BI are child CUA systems
Regards,
-John N.
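A simplified model of the reconciliation that a position-based design like the one above depends on, for a given key date (an added example, not code from this thread or from SAP): it derives each user's expected roles from the positions valid on the key date and reports which roles must be added and which stale ones must be removed. All user, position and role names and the sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data (hypothetical names, not from the thread).
# Holder relations: user -> position, each with a validity interval.
HOLDERS = [
    ("JDOE", "POS_BUYER", date(2008, 1, 1), date(2008, 10, 28)),
    ("JDOE", "POS_ANALYST", date(2008, 10, 29), date(9999, 12, 31)),
    ("ASMITH", "POS_BUYER", date(2008, 6, 1), date(9999, 12, 31)),
]
# Roles attached to positions.
POSITION_ROLES = {
    "POS_BUYER": {"Z_SRM_BUYER", "Z_EP_COMMON"},
    "POS_ANALYST": {"Z_BI_REPORTING", "Z_EP_COMMON"},
}
# Role assignments currently present on the user master records.
CURRENT = {
    "JDOE": {"Z_SRM_BUYER", "Z_EP_COMMON"},
    "ASMITH": {"Z_EP_COMMON"},
}


def expected_roles(holders, position_roles, key_date):
    """Roles each user should hold through positions valid on key_date."""
    result = {}
    for user, position, valid_from, valid_to in holders:
        result.setdefault(user, set())
        if valid_from <= key_date <= valid_to:
            result[user] |= position_roles.get(position, set())
    return result


def reconcile(holders, position_roles, current, key_date):
    """Return {user: (roles_to_add, roles_to_remove)} for the key date."""
    expected = expected_roles(holders, position_roles, key_date)
    delta = {}
    for user in sorted(set(expected) | set(current)):
        want = expected.get(user, set())
        have = current.get(user, set())
        if want != have:
            delta[user] = (want - have, have - want)
    return delta


if __name__ == "__main__":
    result = reconcile(HOLDERS, POSITION_ROLES, CURRENT, date(2008, 10, 29))
    for user, (add, remove) in result.items():
        print(user, "add:", sorted(add), "remove:", sorted(remove))
```

The removal set matters as much as the additions: a user who has left a position keeps that position's access until the reconciliation runs for a key date after the move.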
‎2014 Aug 14 9:19 PM
John, do you have any insight into why roles would not show up on the SU01 role tab after running PFUD in the SRM system? I am assigning roles to Positions on Infotype 1001 subtype B007 and 0105 is also maintained.