CUA sync with child client issue for indirect role assignment.

Hello Security experts,
We have an indirect role assignment set up in our ECC environment. There is a synchronization issue from the parent CUA to the child client. The role assignments have been made to the role, although they are not always reaching the target system without having to sync up either the role or the ID's position # manually. This has been an ongoing issue CUA has on any role or user from time to time. Any hint on fixing this issue? Please help.

The whole idea of CUA is to manage your roles and users centrally; on the contrary, you can manage the roles/profiles by setting up the attributes for the CUA through the Central User Management console - SCUM transaction.
CUA has its own pros -
Central rep, users sync, role provisioning strategy - global composites (consisting of individual child roles), distributed model - provisioning at individual child systems for roles, etc. Central user store, easy maintenance.
On the contrary - change documents are always a concern (because CUA uses interface IDs or the RFC IDs to push the IDocs from CUA to the child system), CUA maintenance during system refresh - copied distribution models have to be deleted and re-created, system backups have to be defined per your distribution model, password maintenance if defined global then child systems act as inactive nodes, reading the roles into CUA which are created in child systems so as to establish a pointer to that system.
It also depends on the number of systems you have in your landscape, so that you can calculate the overhead and then make a go/no-go decision on CUA.
Overall, I consider CUA a good approach provided we streamline the process of provisioning and de-provisioning per the CUA standards.
Rakesh

Similar Messages

  • Mass Change for Indirect Role Assignment

    Hi all,
    I am in the process of changing the company’s authorisations from a standard SU01 role assignment to a position based indirect role assignment.
    At the moment I am using PFCG going to the Org Mg button under the User tab then attaching the position that way.  Is there a way of assigning more than one role to a position at the same time?
    Is there a Mass Assignment option in PFCG or is there a separate transaction available to make this process quicker??
    Thanks for your help
    Ian

    You can mass-assign people and roles if you go to transaction PPOME instead of PFCG. To make role assignments from PPOME please apply note 578271 first. Be careful whilst implementing this <insert nasty word here> note because some of those view-clusters tend to refuse to load your changes = you can see them, but they don't work - it might be that you will have to flush table buffers for the changes to take effect.

  • Indirect Role Assignment Within CUA

    Hi Experts,
    We're implementing indirect role assignment in SAP HR and exploring the feasibility of including this client as part of CUA. Has anyone implemented this before? I would appreciate it if you could share.
    I understand that CUA is able to distribute DIRECT role assignments made from the central client to the child client(s), but I am not so sure if it is possible for the INDIRECT role assignment approach. My previous project excluded the client with indirect role assignment from the CUA distribution landscape and I wonder why.
    I appreciate your input in this matter and look forward to further discussion.
    Best regards and million thanks in advance.

    Hi,
    So I worked on a CUA managed landscape that had systems that featured indirect org assignment hooked in. The association between the User ID and the HR org based position was still maintained locally as the local system contained the HR Org structure, but direct access was still blocked by CUA. The roles assigned indirectly were visible from CUA in a different colour. You can still maintain users directly from CUA on top of this. This may be an alternative to consider.
    If the local system does not contain the HR Org structure you are probably going to have to export the structure, so if that is the case you might as well import it to CUA if all org relevant users are maintained there and manage it centrally via the advised link anyway.
    Cheers
    Steve

  • HR Indirect Role Assignment through HR ORG Distribution Model with ALE

    1) When I assigned indirect (position level security) roles in CUA (SolMan) using PFCG, clicking on organization management to the position, and after that did a user comparison, I cannot see the user ID in the user tab.
    2) If the personnel no. is not the same as the infotype 0105 assigned user, how do you check your indirect role assignment if you are using Solution Manager? We don't have the PA20, PA30, PA48 t-codes in Solution Manager. Our CUA is in Solution Manager.
    Help is greatly appreciated. Thanks

    I created the HR_ORG structure (HRMD_ABA) in dev (HR system - sending system), added filters according to the help.sap document, and generated the partner profile using WE20. After that I transferred the org structure to CUA (SolMan - non-HR system - receiving system) using an ALE run (run SA38 - RHALEINI); I think it's working.
    Composite roles reside in dev (HR system). For indirect role assignment (position level security) I created a composite role with just the role name and description, without t-codes and auth objects, in CUA (SolMan - non-HR system).
    For the test position assignment, I ran PFCG in CUA (SolMan), clicked on organization management, selected the position and clicked indirect role assignment; after that I did a user comparison but I cannot see user IDs in the user assignment. Please let me know any helpful suggestions. Thanks for your quick response.

  • Indirect role assignment using HR org

    Can we use the indirect role assignment with thousands of users? I mean, is there any way to make a mass user assignment using this method?
    Thanks!

    Hello,
    The switch for ORGPD is activated.
    Our organization's position and job categorization is very generic, according to the functional requirements of the HR department on OM. This department is new on SAP so they are unaware of the basis team's requirement/need for a "semi-automatic" role assignment. Moreover, the functional design on OM is done beyond this need, and it's not considered to redo the design again.
    We would like to use the task object type to link the roles, any other "unused" HR ORG object, or if possible, a custom HR ORG object with custom relations with standard OM objects. This last choice would be the best from the point of view of the basis team, because this way we would not interfere in a future use of HR ORG standard objects.
    The idea is to distribute the role assignment between basis people and HR people. Basis people would link the roles with the selected object and HR people would link the selected object with positions, functions, employees,...according to their needs.
    Is it possible to use a custom HR ORG object for indirect role assignment? If not, is it possible to use task for this purpose? How is it done?
    Yours,
    jmiturbe

  • Ran CATT Script for the role assignment to users

    Hi All,
    I have run an ECATT script for doing role assignment in QAS and it completed successfully. I did this through CUA. What is the next step after running the CATT script? Do I need to do anything with PFUD in each child system? Because I checked in the child systems and many derived single roles are not generated in QAS (RED). Is it because of running the CATT script or might it have come like that from development? Please advise.
    Regards,
    Masood

    > Salman123 wrote:
    > Please let me know how should I proceed from here

    Hi,
    I have told you why the error message is there. What do you not understand about the resolution? Your parent roles are out of sync with the child roles so you need to re-sync them. An example of how to do this is to "adjust derived" from the master role. Only when you have done this will your roles be in sync again.

  • Indirect Role Assignment

    I am adding roles to positions using indirect role assignment. When adding the role to the position I am prompted to carry out a reconciliation of indirect user assignments and receive the message 'Indirect user assignments ok', so then I've run PFUD. When I check both the role and the user I cannot see the role attached to the user, but the role is listed in the 'Relationships' in PP01.
    A new organisation structure has been created, when I click on the drop down at the 'change agent assignment' the old organisation structure is displayed.  Any suggestions please how I can select the new organisation structure?
    Thanks

    Hello Anthea,
    to pass on a role from a position to a SAP user id I would suggest the following.
    Go to transaction SA38 and run report RHPROFL0.
    Some notes on the report and report selections.
    The report can be used to evaluate and assign roles from HR objects to SAP users. The report starts reading at a given HR object along an evaluation path. It then updates the SAP user found with authorisation roles.
    Selections:
    You have assigned the roles to a position therefore you should select object type S.
    Then put the position number in the Object ID.
    The key date is hopefully self explaining.
    The evaluation path might have defaulted to PROFL0. That would be the correct one.
    The program has a test mode. I suggest you run the test mode first. It will tell you what the program would change in an actual run.
    In the next selection box - "Generate authorization profiles"
    You might leave the ticks in the boxes:
    - Standard authorizations
    - PD authorizations
    That will generate profiles if they aren't generated yet.
    Next selection box - "Delete manually maintained authorisation profiles"
    Leave the tick boxes blank if you have any direct assigned roles.
    If you tick the boxes all roles and profiles directly assigned to SAP user ids will be deleted.
    In section "New Users"
    There is a tick box "Generate".
    If that box is ticked the report will create new SAP user IDs for all occupied positions with roles but without SAP user ID on the Employee record.
    You might leave that box unticked for the moment.
    I suggest to create the application log --> Last tick box on the selection screen.
    Some general comments at the end.
    The report RHPROFL0 might be scheduled in production systems if indirect role assignments are used. Depending on your needs make sure that the deletion of manual assigned profiles is activated or deactivated.
    If you do not enter an object id, the report will run for all object ids.
    A further note on the indirect setup.
    If roles should be passed on from a Position to a SAP user id, it is important, that the following conditions are fulfilled.
    The Position is valid/active as of the report key date.
    The position has a holder at key date.
    The holder has an assignment of a valid SAP user ID at key date. Infotype 0105 subtype 0001 for object type P.
    The Roles on the position are valid at the key date.
    I hope that helps solving your issue.
    Best regards
    Karsten
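
The four conditions listed in the answer above, as an added example that is not part of the original post and not SAP code: a Python check over a constructed data model (the `ORG` dictionary, its keys, the IDs and the role names are all hypothetical) that evaluates a position at a key date and reports which condition stops a role from reaching a user.

```python
"""Key-date check for indirect (position-based) role assignment.

Constructed data model, not SAP code: it mirrors the four conditions
listed in the answer above so a missing assignment can be traced to one.
"""
from dataclasses import dataclass
from datetime import date

END = date(9999, 12, 31)  # open-ended validity


@dataclass(frozen=True)
class Period:
    begin: date
    end: date = END

    def covers(self, key_date: date) -> bool:
        return self.begin <= key_date <= self.end


def valid_at(records, key_date):
    """Keep the values of (value, Period) records valid on key_date."""
    return [value for value, period in records if period.covers(key_date)]


def evaluate(position, key_date, org):
    """Return (assignments, problems) for one position at key_date."""
    problems = []
    period = org["positions"].get(position)
    if period is None or not period.covers(key_date):
        return set(), [f"position {position} not valid at key date"]
    roles = valid_at(org["roles"].get(position, []), key_date)
    if not roles:
        problems.append(f"position {position}: no role valid at key date")
    holders = valid_at(org["holders"].get(position, []), key_date)
    if not holders:
        problems.append(f"position {position}: no holder at key date")
    users = []
    for person in holders:
        ids = valid_at(org["it0105_0001"].get(person, []), key_date)
        if not ids:
            problems.append(f"holder {person}: no valid 0105/0001 user ID")
        users.extend(ids)
    # A role reaches a user only if every link in the chain is valid.
    return {(u, r) for u in users for r in roles}, problems


# Constructed sample data (all IDs and role names are made up).
ORG = {
    "positions": {"S1": Period(date(2020, 1, 1)),
                  "S2": Period(date(2020, 1, 1))},
    "roles": {"S1": [("Z_BUYER", Period(date(2020, 1, 1)))],
              "S2": [("Z_APPROVER",
                      Period(date(2020, 1, 1), date(2023, 12, 31)))]},
    "holders": {"S1": [("P100", Period(date(2021, 6, 1)))],
                "S2": [("P200", Period(date(2021, 6, 1)))]},
    "it0105_0001": {"P100": [("JDOE", Period(date(2021, 6, 1)))]},
}

if __name__ == "__main__":
    for pos in ("S1", "S2"):
        print(pos, evaluate(pos, date(2024, 3, 1), ORG))
```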

  • Indirect role assignment using HR-ORG, any concern

    May someone share their view or experience on indirect role assignment using HR-ORG, i.e. assign role to HR position or org unit instead of user.
    Here are some of my concerns:
    1. HR data is maintained by HR staff and their task should be separate from authorization/user assignment.
    2. When using with CUA, distributing the HR structure to the CUA parent system is not acceptable because HR data is sensitive.

    Well I think the Position and User are created by the functional consultant, but the authorization you are talking about is taken care by the BASIS consultant.

  • Indirect role assignment- PO Release strategy  roles

    Hello,
    I am in the midst of creating PO release strategy roles for implementation and trying to figure out if indirect role assignment / position based assignment would be a good idea for these roles. The reason - there are 35 release codes.
    I am pretty new at using indirect role assignment but do understand a bit about the evaluation paths. We are not implementing SAP HR so there will be no usage of infotype 105. The role will be assigned to the position and then the position to the user ID. The HR Org structure is in place (at least for the PO release workflow).
    Is this a good idea?
    There is one other thing that stumped me. One of the functional consultants (who is also part of business) has asked me why we can't use indirect role assignment for all functions (purchasing, sales, finance etc.). For one, I know with so many users assigned to positions and then indirectly to roles, the overhead would be too much and complex, and then there is the problem with the evaluation paths.
    But i am not convinced myself that this is the best explanation to give...
    Any ideas on how to put it through correctly?
    Regards,
    Prashant

    Hi Prasanth,
    I also had a similar requirement, but since there are multiple release codes and limits, we ended up with a custom solution, since it is a bit tough when it is required to manually assign the authorization to a person who is in a separate job role.
    We have used a custom user exit, and all the values were stored in a custom table which contains Sales Organization, User, Lower limit, Upper limit, Division, Release codes information, etc.
    We have further created a custom transaction code that reads information from the table and authorizes for the upper and lower limit of approvals along with the company code/release code authorization checks.
    Hope this helps!!
    Regards,
    Raghu

  • HR-ORG - Indirect Role Assignment

    Hello
    We are designing the role & security strategy in a new implementation project. The best security strategy seems to be an indirect role assignment via SAP organizational structure. We've looked for some information about that, but we have some doubts about it (we have downloaded "HR-ORG - Indirect Role Assignment" and "User & Roles" files from SAPNet).
    The organizational structure will have a lot of leaves named "explotacion". Every leaf will have a different company code, sales organization, sector and so on... On the other hand, it's a requirement that a user automatically obtains its roles when it's moved through the organizational structure.
    Our plan consists of creating several primary roles (for example, sales manager). Then we will create a lot of derived roles which will inherit all authorizations from the parent role. However, they shouldn't inherit organization field values... Then, when this role is assigned to a position, this role should obtain all organizational field values (company code, sector, ...) from our organizational structure.
    Is it possible? How can we do that?
    Best regards,

    As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
    Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
    I have not had much experience in implementing these but that may be worth a look.
    Simon

  • Indirect Role Assignment in My SAP SRM

    Hello,
    I am trying to do an Indirect Role Assignment in My SAP SRM.
    In my ECC system we have done it through PFCG - goto Org Mgmt - assign positions and then reconciliation.
    In HR master data the SAP user ID is communicated through infotype 105,
    but in My SAP SRM I need some help on how to do that,
    as HR master data doesn't exist in my SAP SRM.
    so can you please tell me how to do that.
    -Thanks
    Sam

    Hi, it's done the same: go to PFCG, User tab > Org assign > select the position and reconcile; once done, do a PFUD, then go to PPOSW, find your position and you will see the role assigned to that position, then go to SU01 to make sure the role has been assigned there too.

  • Indirect Role Assignment with HR-ORG in a system landscape with CUA

    Hi all,
    we have 2 SAP systems:
    1) SAP ECC6 (with composite roles)
    2) SAP HR with PA and OM
    We would like to assign SAP ECC6 roles through HR-OM.
    Since HR-OM is not on the same ECC6 system, we would like to try the logic: HR-OM -> CUA -> ECC6
    There are several documents that describe this situation (ex. SCUR351).
    From PFCG point of view, we should create a composite role in CUA system which include simple roles of child system.
    If we try to create a composite role in CUA central system, we can insert only simple roles available in central system (and not in child).
    Any experience on this scenario ?
    Pros vs cons ?
    Are there different possible scenarios?
    Many thanks...
    Andrea
