Home TORC: The OneRoleConcept TORC and IdM SAP HCM Security SAP HCM Solutions About KNUZEN Contact Information
KNUZEN   SAP HCM SECURITY
SAP HCM Business Control OneRoleConcept Master derived Role Concept Functional and Organisational Role Concept
The OneRoleConcept The OneRoleConcept is based on either organizational and functional roles or Single Roles for minimizing the number of roles to a minimum. For one of our global customers, with sites on all continents including 6 service centers, we managed to reduce the number of roles from 1500 to 17. For those roles, which could be requested by the business we only had 37. The number of roles is crucial for the simplicity. For keeping focus on simplicity we aimed at having transactions represented in one functional role only. This customising target today helps the support organization during operation when they are searching for roles to a user, or when auditors or internal compliance needs to control the roles and their users. The Functional & Organisational Role Concept Functional role (What can I do) is a role, which grants you access to transactions. As a thump of rule the transactions should only be available from one functional role and the functional roles should be created so they consist of flexible building blocks which can be used again and again. The main benefit of reusing the functional roles is to limit the amount of roles and to be in charge of a portfolio of building block roles which can be reused each time a request for a new business roles arrives. There is no master data access granted through the functional roles. Organisational Role (Where can I do it) is based on a role which grants access to master data In the OneRoleConcept there is only one organisational role per business role, which again keeps the number of roles to a minimum. The Organisational role controls the access to sensitive and non sensitive data for different business roles and can be customised for each business role. The Master & Derived Role Concept Master roles (What can I do) Master role also known as template role is a collection of task, which is executed according to a process. The role is a group of task, which must be conducted to execute the proces steps. The master role does not contain any information regarding organizational assignment. The forcus of the maser role is what you are supposed to do and not where. The master role in SAP HCM contains information about objecttypes, infotypes, reports, services and transactions. Derived Role (Where I can do it) is based on the masterrole and inherites all the ”what’ can I do”. The derived roles also tells you where you are supposed to do what. The derived roles are organizational dependent. Derived roles can be assigned directly to users or used as building bricks for composite roles. The use of Master-Derived roles for the OneRoleConcept is not usefull since you would instead create single roles where each of the roles represents a business role. This single role will then be controlled by the ruleset, which grants you access to those employees they are supposed to have access to. When a security concept is created you must secure it is documented. Whether you choose master -derived or the functional/ organisational role approach you must make sure the concept is described together with the business. The business will have a continous impact on the role concept through request of new transactions or access changes for specific business roles. If the security is being left as an pure IT operational task is will slowly but for sure get out of sync with the business demands.
SAP HCM Security
1: home
2: knuzen_curriculum_vitae
3: The SAP HCM Authorization concept: The OneRoleConcept
4: RCAT: The RootCauseAnalysisTools related to the OneRoleConcept
5: contact.htm
6: SAP_HCM_OVERVIEW
7: Business Control with OneRoleConcept
8: The Details of the OneRoleConcept
9: SAP_HCM_SECURITY_AND_PERFORMANCE
10: The OneRoleConcept Business benefits
11: SAP HCM transit position in Om as DMZ for transfer activity
12: SAP HR structural authorization for multiple parts of the organisation.
13: LSO and PD Catalogue control
14: Knuzen Substitute/ Deputy solution for line managers
15: Enterprice, personnel and organisational structures in SAP HCM
16: sap_enterprise_structures_revisited
17: Clean up SAP Organisational Management
18: Consistency check of SAP OM and PD tables
19: SAP HCM combined with personnel development functionality
20: Optimize the System Performance with indexing structural authorizations: RHBAUS00
21: Identity management with the use of SAP HCM attributes
22: organizational_key_vdsk1
23: master_derived_composite_sap_roles.htm
24: Standard tools for identifying SAP HCM authorization issues
25: Enhance the layout of PPOME and PPOSE the organisational structure
26: Enhance the existing PD model and use it for personnel development
27: To be structural restricted or not to be... thats the question
28: Automate your SAP solution and avoid errors and business break downs
29: SAP HCM Authorizations and performance
30: design_support_organisations_1.htm
31: design_support_organisation_2.htm
32: design_support_organisation_3.htm
33: Upload Documents on your employees
34: Upload Documents on your employees
35: Upload Documents on your employees
36: The role assignment can be used for compliance check and license control.
37: Upload Documents on your employees
38: Upload Documents on your employees
39: Upload Documents on your employees
40: Upload Documents on your employees
41: Data Model for E-ercruiting and Tips & Tricks
42: Upload Documents on your employees
43: Upload Documents on your employees