Set up an HCM authorization solution where you decide whether structural authorizations are part of the context or not. The business roles have different security needs. With this solution you can decide when structural authorizations are used.
The business roles have different needs for segregation: some roles, such as payroll, need segregation at country level, while other roles need segregation based on the organisational structure.

The Business Needs

The business needs different segregation options for different business roles. For payroll roles you will normally see segregation at country level. For other roles, such as managers or HR business partners, you will see segregation based on the organisational structure, where sectors or divisions dictate what a user is allowed to access. But restricting by structural profiles causes issues with expatriates and with departments that span countries. Having to grant access to employees who, for whatever reason, are not assigned to the expected sector or division ends in a ticket stating that personnel administration does not have access. The growing use of matrix-based organisations creates issues for segregation because it demands high flexibility from the security concept, especially for those using context-based authorizations (where normal roles are combined with structural authorizations).

The Technical Solution

In SAP HCM we have two options for the primary authorization object for segregation. P_ORGIN is the old authorization object for HCM, based on infotype, subtype, personnel area, employee group and subgroup, plus organisational key. The new authorization object, P_ORGINCON, is the context-specific one, where an additional field has been added: the structural profile. With this setup you can control access by specific infotype, subtype, employee group, subgroup, personnel area and org key together with the exact objects delivered by a specific structural profile. So you can have many structural profiles assigned to your user, but for P_ORGINCON only the profile entered, and the objects that profile delivers, are used in the specific P_ORGINCON authorization.
In TORC: the OneRoleConcept we have created a solution for the payroll, compensation and time administrators who need access to run RPCALC, PECM_CREATE_0758 - Create Compensation Program Records, or RPTIME00 time evaluation for employees restricted to certain sites or regions, with no restriction based on where the employees are assigned in the organisational structure. This setup allows you to switch off the structural authorizations for those business roles where you don't need this check or where the structural authorizations are a burden. At the same time it allows you to use full-blown context-based authorization control with structural authorizations for those business roles where this is needed, so the solution is highly flexible and does not prevent you from using structural control at all.
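The difference between the two authorization objects described above, as a simplified Python model added here for illustration; it is neither SAP code nor the TORC implementation. The class and function names, the personnel numbers, areas and profile names are constructed, and the model assumes that a P_ORGIN-style authorization carries no structural check at all.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Employee:
    pernr: str
    pers_area: str
    emp_group: str
    emp_subgroup: str
    org_key: str

@dataclass(frozen=True)
class Auth:
    # One authorization; "*" matches any value. profile=None models P_ORGIN,
    # a profile name models the additional field of P_ORGINCON.
    infotype: str
    subtype: str = "*"
    pers_area: str = "*"
    emp_group: str = "*"
    emp_subgroup: str = "*"
    org_key: str = "*"
    profile: Optional[str] = None

def allowed(auths, profiles, emp, infotype, subtype=""):
    # profiles: structural profile name -> set of personnel numbers it delivers
    wanted = (infotype, subtype, emp.pers_area, emp.emp_group,
              emp.emp_subgroup, emp.org_key)
    for a in auths:
        granted = (a.infotype, a.subtype, a.pers_area, a.emp_group,
                   a.emp_subgroup, a.org_key)
        if not all(g in ("*", w) for g, w in zip(granted, wanted)):
            continue
        # Model assumption: only the profile named in this authorization counts,
        # not every structural profile assigned to the user.
        if a.profile is None or emp.pernr in profiles.get(a.profile, set()):
            return True
    return False

# Constructed data: 1002 is an expatriate paid in DK01 but placed in division B.
PROFILES = {"DIV_A": {"1001"}, "DIV_B": {"1002", "1003"}}
EMP = {"1001": Employee("1001", "DK01", "1", "U1", "DKA"),
       "1002": Employee("1002", "DK01", "1", "U1", "DKB"),
       "1003": Employee("1003", "SE01", "1", "U1", "SEB")}
PAYROLL = [Auth("*", pers_area="DK01")]   # P_ORGIN style: site/country only
HR_BP = [Auth("0008", profile="DIV_A"),   # P_ORGINCON style: Basic Pay via DIV_A
         Auth("0002", profile="DIV_B")]   # Personal Data via DIV_B

def demo():
    return {"payroll_expat": allowed(PAYROLL, PROFILES, EMP["1002"], "0008"),
            "payroll_other_country": allowed(PAYROLL, PROFILES, EMP["1003"], "0008"),
            "bp_pay_div_a": allowed(HR_BP, PROFILES, EMP["1001"], "0008"),
            "bp_pay_div_b": allowed(HR_BP, PROFILES, EMP["1002"], "0008"),
            "bp_personal_div_b": allowed(HR_BP, PROFILES, EMP["1002"], "0002")}
```

In this model the HR business partner holds both profiles, yet Basic Pay for employee 1002 stays out of reach because that authorization names DIV_A only, while the payroll role reaches the expatriate through the personnel area alone.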