Assign MSS role directly from position

Hello Experts,
Can anyone please detail how MSS role can be auto assigned by moving a person into a Chief Position in the org structure? Please list the steps that would need to be performed as right now we are using GRC to request Mss roles for managers. Speedy responses would be highly appreciated! Thank you!

through the code, u have all the flexibility assigning the required roles or may be u can set the process with some workflow and upon approvals may be security can do needful or may be u can automate the process. I am not exactly sure how others are doing, may beSiddharth Rajora or Jwala ESS MSS or Andy Goris can guide you

Similar Messages

  • Assign MSS role

    Hello Everyone,
    I am working on HCM forms and processes. I have following issues. Dont know if this is the right place to ask the following questions.
    u2022     Activate backend services: HCM_ASR_CI_1 and HCM_ASR_CI_2
    u2022     Assign the MSS role version 14
    I have activated the backend services but dont know how to assign MSS role version 14. Can some one please help me how and where do MSS role version 14 is assigned.
    Thanks a lot in advance.
    Regards,
    MA

    Hi,
    You can assign the MSS portal role in the identity management in the portal (you need to have the user admin role) : [Assigning Roles to Users and Groups|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/ac/e0c1d5828b4e8e903c29a250a611ca/frameset.htm].
    Regards,
    Pierre

  • Assigned User Role Mirgation from EP 6.0 SP2 to SAP NW2004s (EP 7.00 SP7)

    Our users are stored in LDAP and their role assignment is driven by the roles assigned to the groups. For example...
          Manager Group : MSS and other role assigned
          Employee Group : ESS and other role assigned
    but some users are assigned additional roles not driven through groups, for example, some manager may have business specific reporting role assigned to them. In this case, the assigned role did not move to EP 7.0 because the role assignment information is stored in the portal database (Oracle)  for EP 6.0 SP2 and the new EP 7.0 portal database (Oracle) does not have that information since we did not use migration tools for the upgrade.
    Is there any way I can extract the roll assignment information from EP 6.0 SP2 and upload them to EP 7.0 database since both environments have identical roles and we are using the same LDAP for both environments ??

    Our users are stored in LDAP and their role assignment is driven by the roles assigned to the groups. For example...
          Manager Group : MSS and other role assigned
          Employee Group : ESS and other role assigned
    but some users are assigned additional roles not driven through groups, for example, some manager may have business specific reporting role assigned to them. In this case, the assigned role did not move to EP 7.0 because the role assignment information is stored in the portal database (Oracle)  for EP 6.0 SP2 and the new EP 7.0 portal database (Oracle) does not have that information since we did not use migration tools for the upgrade.
    Is there any way I can extract the roll assignment information from EP 6.0 SP2 and upload them to EP 7.0 database since both environments have identical roles and we are using the same LDAP for both environments ??

  • Incorrect authorization when assigning a role to 2 positions

    I am assigning a role in role manager (/isdfps/role_manager) to 2 different positions in the org structure. Position 1 has plant 1000 and position 2 has plant 2000. User A is assigned to position 1 and user B is assigned position 2. When user A signs on he gets access to plant 2000 instead of plant 1000. It appears that whatever the last position the role was assigned to is what the user has access to when he signs on. The user should get access to whatever org values he has in the org structure. Appreciate any help.
    Bob

    Kiran,
    Thanks for the response. This problem is in ECC 6.0. We are using the organization structure to populate the org levels. A role is assigned to a position in the org structure and the corresponding org values are populated. You are supposed to be able to assign the same role to many positions in the org structure. The problem is that the org values of the last position that you assign the role to are what is populated. If user A has plant 2000 and user B has plant 3000 in the org structure that is what they should have in their user buffer at sign on. The problem is that both user A and user B have plant 3000. Any help would be greatly appreciated.
    Bob

  • Automation of assignment of ESS & MSS roles

    We are implementing ESS and MSS as part of our global HR implementation. What i am thinking of is to look for methods to automate the assignment of ESS role once the HR master record is created for an employee and MSS role once the chief relationship is established for the corresponding org unit.
    Does anyone out in the field had done anything similar? If so,could you please share your experiences/lessons learned etc??
    Thanks
    Sarada Ganti

    You have not mentioned the method of role assignment, ie direct/indirect so I assume you are using both.
    You can automate the role provisioning without any problems for ess roles  directly assigned to the ess user in SU01 - this is because the steps involved are easier to script.
    Problems arise when automating the role provisioning for mss users that are indirectly assigned to their mss role through the position.  The steps for administering indirect role assignments are not so straight forward and involve the running of RHRPROFL0 which needs to be maintained with key parameters to link the mss role to the position that the new manager is assigned to.
    In the end we decided not to use indirect assignments because of this reason.  The various scenarios was too difficult to script for the provisioning tool Tivoli (ITIM)
    Hope this helps.
    Regards
    Charmaine

  • Assessment - Planning Page will not show in Custom MSS Role

    I have gone through the Notes/Docs for setting up OBN for Performance Management and have implemented the same.
    Now if I go to the Standard MSS role and try to open up Assessment > Click on 'Create' for Succession Planning, it works fine by showing up the Talent Assessment window where it can be completed.
    Now, we have a custom MSS role copied from the standard one and I have included the same Talent Management workset (with the page, folder inside - just like the standard role).
    But when I try the same scenario as above (Z_Manager_role > Talent Management > Assessment (from Service Map) > Click on Create under Succession Planning), I get the following error.
    There is no iView available for system "SAP_ERP_HumanResources": object "employee". For more information, contact your administrator.
    Why would it work on the standard role and not the copy? Any directions highly appreciated.
    FYI. We are on 7.01 SP8, SAP_MSS  600 SP18
    Thanks,
    BR
    Edited by: BR on Oct 5, 2011 12:38 PM
    Edited by: BR on Oct 5, 2011 12:39 PM

    Thanks Sidharth.
    Sorry for not getting back earlier. I had opened a message with SAP. It looks like the problem has to do with Navigation Targets in my custom MSS role - so that is narrowed down now.
    The following prerequisite applies: You must include the navigation targets (for the portal pages mentioned below) in your role.
    pcd:portal_content/com.sap.pct/line_manager/com.sap.pct.erp.mss.bp_folder/com.sap.pct.erp.mss.14.bp_folder/com.sap.pct.erp.mss.14.pages/com.sap.pct.erp.mss.hcm/com.sap.pct.erp.mss.appraisal_document_wd_ui
    pcd:portal_content/com.sap.pct/line_manager/com.sap.pct.erp.mss.bp_folder/com.sap.pct.erp.mss.14.bp_folder/com.sap.pct.erp.mss.14.pages/com.sap.pct.erp.mss.hcm/com.sap.pct.erp.mss.appraisal_document_pmp
    How do I include these navigation targets in my custom MSS role? I mean these pages are not part of the role.
    Thanks,
    BR
    Edited by: BR on Oct 14, 2011 11:46 AM

  • Evaluation path for MSS role

    Hi all,
    Is there a way to assign MSS role dynamically to an employee if he has employees reporting to him?
    We have got to know that this can be achieved by configuring some evaluation path.
    Any pointers would be appreciated!
    TIA!

    Diana,
    Where actually do you assign the roles ,is it in the portal or you have a CUA system where all the role maintenance is done over there.if second one is true you can write a custom program and assign the role by checking the direct reportees
    Thanks
    Bala Duvvuri

  • ESS and MSS role assigned to position

    Hi,
    I have to find out that wheter the  ESS Role is  assigned to a position .I have to display  (Y/N)   (Details 'Y' if ESS Role Assigned, 'N' if no ESS role is assigned) To have a 'Y' it must be an active role
    Is MSS Role assigned to a position .I have to display (Y/N)  (Details 'Y' if MSS Role Assigned, 'N' if no MSS role is assigned)   To have a 'Y' it must be an active role.
    Kindly let me know how to do it.I am a abap developer and new to HR module.
    Thanks !
    Sachin Sharma

    hi
    you can check the user id assigned to the position ,
    the correct procedure would be to use Logical database and HR function modules to retrive the poistion code and user id
    position code can be taken from infotype 1 and user id can be taken from infotype 105 , once u get the user id , then you can check the roles that are there , in your case it might be custom roles , you can hard code the role name for that matter to query the same.
    Hope this gives you a clear idea.
    Regards
    sameer

  • SAP user assigned with roles from HR-ORG incorrectly

    Hi All
    I have an issue where a SAP user appears to be receiving role assignments from some HR-ORG object erroneously.
    I have checked the user's HR positions and organisational assignments and they do not have any roles assigned.
    I also checked the job and no roles are assigned there as well.
    Where could these roles be coming from if they are not coming from the position or org unit?
    User currently has direct role assignments in SU01 except for 3 roles which appear as indirect assignments (HR assignments) in SU01.
    Is this is a bug and is there a note to fix it?
    Please could someone let me know why this is happening.
    Thanks
    Ran

    Hi Colleen.... Thanks for your email.
    Please see below screenshot, it is an Org assignment but single roles also belong to composite roles.
    PBS is not meant to be active and PFUD is scheduled as a daily job. CUA is not active here.
    User is assigned to a position and org unit but roles are not provisioned via the Org/position. So there is a 0105 mapping, I have checked those positions and org units but no roles are assigned there.
    Basis release 731 and level 0005, SP - SAPKB73105.

  • Assigning authorization role to position in PP02 (SRM 5.0) not working

    Hi,
    We've run into a problem in our SRM 5.0 system that we're not sure how to solve.
    We defined a role where we only set the BBP_APPROVAL_LIMIT attribute in the Personalization tab. It has no other transaction authorizations.
    When we assign this role to the user directly the user inherits the BBP_APPROVAL_LIMIT as expected.
    When we attempt to assign this same role to a position through PP02 and run the PFUD, the attribute values are not transferred to the user personalization attributes.   Doesn't matter what we do, we can't seem to be able to get it to work.
    Does anyone one have any experience with this that they could share?
    Regards,
    Jerry Martinek

    Hello Yann,
    Thank you for the reply.
    This is one of the things that I'm trying to confirm which is whether it can be done. I was told that it does work and that they use PP02. But as we can't get it to work I wanted to know if anyone else is using this process and if yes, how do you do it.
    If people mainly use the explicit user assignment via PFCG, do they manage it manually or systematically?
    Thanks,
    Jerry

  • Remove role or user from position

    Hi all,
    we are on ECC 6.0; we are using indirect role assignment. We looking for a way to automate the removing of a user (US) or role (AG) from a position (S).
    eg. remove user 123456 from position 50000001 and user 654321 from position 50000002 in one shot.
    We have found the standard SAP program RHRHDC00 (RE_RHRHDC00 transaction) but is not designed for doing that.
    There's another standard program/function or... for solve this matters?
    Many thanks.
    Massimo

    We looking for a way to automate the removing of a user (US) or role (AG) from a position (S).
    There is a report called RHGRENZ2 which can be used to delimit specific OM infotypes (like IT1001- Relationships) specifying the end-date and Position ID (Object Type S and Object ID= Position) manually. In your case, I believe IT1001's Relationship A008 and B007 have to be delimited in order to remove a user (US) or role (AG) from a position (S) but this report cannot be run for specific relationship types of IT1001 (atleast I did never find an option to filter based on relationship types).
    You can try using report RHRHDL00 to delete IT1001 relationships from PP Database but you should consider the consequences of such deletions and restrict the selection based in infotypes and relationship types carefully.
    Alternatively, you can also build a LSMW script to automate the process of mass delimit/deletion of IT1001's relationship types using transaction PP02 (PP01 is not compatible to BDC/background processing)
    Thanks
    Sandipan

  • Role info not appearing once role assignment request is submitted from UI

    Hi Everyone,
    We have a strange problem in our project in IDM 7.2 SP8 where IDM role concept is used which contains privileges (could be role/profile) of backend systems.
    Usually when ever a role (i.e IDM role) assignment request is submitted from UI, the activity with the associated info (like user details, role details, audit ID) should be stored in MXI_LINK table from where the info will be fetched and used in next stages of the processing
    Even though the information is getting available for most of the cases for all users but some times for few users once the role assignment request is initiated from UI there is no info is getting available in MXI_LINK table corresponding to this activity which is strange.
    Because of this problem even though user submits role assignment request no role info getting passed to IDM, set to pending state for the user which is getting meaning of user not submitted any role assignment request at all.
    Can any one suggest what are the things that gets involved between these two steps and any troubleshooting hints are highly appreciable.
    Regards,
    Venkata Bavirisetty

    Is this a situation you recreate at will? In other words, is it always happening on the same users? If so, you could put a trace on that user's account then try to add the role and see what that trace log shows. Additionally, you could just follow the links in the chain of the various tasks that kick off when you do a role assignment and check each task / job's job log and see what that tells you. There's got to be an error somewhere along the way that's preventing this from executing properly.

  • Assign Portal Roles from R/3

    Hi all,
    We've here an EP6 SP14 SR1 with R/3 as data source, this R/3 is used to ESS and MSS implementation on portal. The users are created at R/3 using SU01 and then Logon portal with  this same user. But we've to assign portal roles with portal administrator to have access to menus in portal. There's a way to, when create user in backend we can assign automatically portal roles to the user ?
    We do not have CUA neither LDAP.
    Thanks a lot for help.
    Best Regards,
    Pedro Rodrigues.

    Jörg,
    Thanks a lot, that's very helpfull, now I can see the roles in portal groups. But, we need to use dataSourceConfiguration_r3_rw.xml because when user have to change his own password first time they enter in portal.
    How could we got this authorization ?
    Could we assign to pfcg roles that we pretend to use this authorization ?? What authorization is it ??
    Thanks,
    Best Regards,
    Pedro Rodrigues.

  • SAP R/3 : Indirect Role assignments - Is position unique to every user?

    Hi.
    While am exploring /learning SAP R/3 roles and auth, I would appreciate if I could get clarity on the following :
    This  link on SDN on Indirect role assignments are very informative.
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/f03e6f6c-8c16-2a10-1581-ed8812e2effe
    This link is also more explanatory : http://my.affinitext.com/public/book/5442/-1/1423831
    So if my understanding is correct, it is better to assign roles - indirectly by position, so that if an employee's position changes, his role can be removed, based on position again ??? And somewhere we are linking with infotype 105.
    My only doubt is : if we are going to assign roles by position and remove the roles by position, so that as the position of an employee changes, the previous roles become null and void and new roles can be assigned as per new position.
    So would like to know :
    as to whether this position number which we see from PA20, is unique to every user on the system ?
    So that, if there is a need to remove a role based on postion, we could remove the role from PO13;
    BY doing that, then will it not affect other users ?
    Can somebody help me understand this.
    Because if i want to see the effect immediately, if i go to PFUD and put the role name and say execute, i see that the role which was removed from PO13 is gone immediately from the user.
    Many thanks
    Indu
    Edited by: Indumathy Narayanan on Nov 22, 2011 9:25 AM

    GOT IT THANKS.
    Hi Prashant.
    Good morning and wishes.
    Can you please help me understand this.
    I understand from HR person that position is uniquely defined (from hire to retire)
    and roles are generally given based on position.
    However, I see a person : whose roles have been assigned as per position all these years.
    He had 2 roles in project A. He now moved into a different project B.
    But. when i check, i still see the roles - reflecting on SU01  & well as in the tab of user of the role X under pfcg.
    BUT when i check PO13 - and put the position / relationship and say overview.
    I dont see the roles at all there.
    Why this is so.  Why the discrepancy on different screens.
    Also How can I get a confirmation that - these roles are actually removed and is not there for the user.
    Rather.
    How could the removal of roles based on position become completely effective on the system.
    So that all screens display the same information.
    Also would like to know - whether it is ok to remove the role expiry date directly from PFCG/ROLE Display/user tab/select user/
    and then make the role invalid or expired / or extend the expiry.
    Many thanks.
    Indu
    Edited by: Indumathy Narayanan on Dec 7, 2011 12:09 PM
    Edited by: Indumathy Narayanan on Dec 7, 2011 1:42 PM
    Edited by: Indumathy Narayanan on Dec 7, 2011 5:17 PM

  • Assignment pfcg-role to user and assignment pfcg-role to business role

    Hello, Gurus!
    What is the difference between direct assignment pfcg-role to user and assignment pfcg-role to business role? What is the effect from assignment pfcg-role to business role?
    As  I see authrizations from pfcg-role assigned to business role have no effect to user...
    Best regards,
    Artuк Litvinov.

    Artur,
    The business role assignment does not give a user that PFCG role.  Instead it is just a mapping table and does nothing more. 
    Therefore that UIU_COMP auth object must exist in the PFCG roles assigned to the user in order for them to use the webclient.  In your scenario let's do the following:
    You have pfcg roles:
    RA
    RB
    You a have business role
    B1
    You have users:
    Joe
    Jack
    Business Role B1 is assigned to role RA which contains UIU_COMP.
    User Joe gets business role B1 and roles RB which does not have UIU_COMP.  This will not let him use the webclient.
    User Jack gets business role B1 and pfcg role RA.  This will work because everything is there.
    This means you need both the correct PFCG plus business role setup to make it work properly.
    Take care,
    Stephen

Maybe you are looking for

  • Do I need to backup my Mac?

    I have a Macbook Pro Retina and i've just discovered a small chip in my screen. Since it's still under warranty I'm going to get the screen repaired. Do I need to back it up? I don't have any way of backing it up so before I go out and buy an externa

  • SSL Handshake Error in Android (ADF Mobile)

    Hi Guys, Now I am tried to using "https" Web service with my application, but seems show SSL handshake error specially in Android only, iOS is totally working. Log from Android is 09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framew

  • Solaris volume manager and RPC

    I'm trying to run as few services as possible? Does anybody know if there are dependencies between Solaris Volume Manager (formerly DiskSuite) and rpc? I know that Solaris Volume Manager uses something called rpc.metamhd, but I'm not sure if this req

  • Reports empty SCSM 2012 SP1

    Hello i have integrated  the component of datawahrehouse SCSM 2012 with my management server. But when i try to generate a report of list of inccident for example , it display me an empty report , i have tried to change some parameter (date , timezon

  • MAC-Based VLAN Assignment

    Hi everyone, We have switches configured with 5 VLANs, and would like these switches to authenticate to a RADIUS server with a client's MAC address. Based on the client's MAC address, need the RADIUS server to tell the switches which VLAN to use for