{"id":1672,"date":"2013-11-04T07:38:54","date_gmt":"2013-11-04T07:38:54","guid":{"rendered":"http:\/\/sapsecurityanalyst.com\/WP\/?page_id=1672"},"modified":"2015-05-03T07:29:36","modified_gmt":"2015-05-03T07:29:36","slug":"indirect-assignment-of-roles","status":"publish","type":"page","link":"https:\/\/sapsecurityanalyst.com\/WP\/indirect-assignment-of-roles\/","title":{"rendered":"Indirect Assignment of Roles"},"content":{"rendered":"

 <\/p>\n

We know how roles are assigned directly to user id via SU01 tcode. This is called direct assignment of roles to the user.<\/p>\n

There is one more way by which roles can be assigned. This is done by assigning roles to a Position and then assignment of that position to the user id. This advantage of using this process is that it helps in reducing the overhead of assignment or removal of roles from user if he\/she changes position. This process is referred to as indirect role assignment or position based role assignment.<\/p>\n

Suppose a user A is assigned to position P1 and after some time moves to a different position P2 (due to promotion or change in responsibility or change in department etc). He automatically loses all his previous roles which was meant for position P1 and he gets new roles for position P2 (since he has been assigned to position P2 now).<\/p>\n

** Point to be noted – For this indirect role assignment to work, some prerequisite needs to be taken care of. The Infotype 0105 (Communication) and subtype 001 contain a relationship among user id, \u00a0user position and personnel number. This relationship (record) needs to be maintained. If this is not maintained, indirect role assignment will not work.**<\/p>\n

 <\/p>\n

Steps for indirect assignment of roles:<\/p>\n

Assignment of position to user id:<\/p>\n

 <\/p>\n

Go to PFCG -> Goto -> Settings<\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

Under User tab, there is a button “Organizational Mgmt”:<\/p>\n

\"Org<\/p>\n

Click on Organizational Mgmt button. This will take you to the next screen. Click on\u00a0\"F5\"\u00a0icon\u00a0or execute F5 to create assignment.<\/p>\n

You will get this screen:<\/p>\n

\"Change<\/p>\n

 <\/p>\n

Select Position from the list (as shown in the above screenshot).<\/p>\n

Following dialog screen will open: \u00a0\"position\"\u00a0Enter the position number and then click on\u00a0\"reconcile\"\u00a0(reconciliation button) to reconcile.<\/p>\n

 <\/p>\n

Assigning Role to Position<\/span>:<\/p>\n

Infotype 1001 Subtype B 007 record is created between Position (S) and Role (AG). For creating relationship between Position(S) and Role(AG), tcodes PP01, PP02 or PO13 can be used.<\/p>\n

Steps using PP01 tcode:<\/p>\n