05-13-2019 8:24 AM - edited 02-03-2024 7:42 PM
Hello,
Do you know if there is an easy way to create restricted roles in S/4HANA Cloud?
We are currently doing a roll out for 22 entities at once. We have an average of 30 roles per entities, which represent 660 roles to create. As it is a manual process by copying existing roles and doing the update, it is highly time consumming and with a significant risk of mistake.
Is it a strong limitation of the toll or is there any way to manage it in a easier way than manually 1 by 1.
Kind regards,
Etienne
Hello Etienne,
Currently the identity and access management functionalities are not supporting a mechanism to allow maintaining complex restriction relationships such as for instance traditional derived roles. That said, please find the below blog aimed to reduce the manual effort for your task at hand as this approach would allow to you create and update roles and assignments in mass:
https://blogs.sap.com/2019/02/11/mass-maintence-of-segregation-of-duties-in-sap-s4hana-cloud/
Hope this helps,
Thank you,
Feras
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Feras,
We have nearly 50 master business roles to be created in S/4 HANA Cloud and derived roles are expecting to be nearly 1000+ roles ( 50*21 = 1050). We are facing challenges in creating all these 1000+ derived roles manually in the system as it is time-consuming and involves manual creation of roles.
I have already gone through the blog Mass Maintenance of Business Roles in SAP S/4HANA Cloud, but again this suggestion also leads to creating more number of files as the same as the number of derived roles.
Does anyone come across this situation? Do we have any provision to automate or doing mass derived roles creation in the S/4 HANA cloud system?
Thanks
Sindhu
Hello,
Indeed, there is no good way to manage it in the current version.
The solution you have are:
For sure, role management is still a painfull area.
Kind regards,
Etienne
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Etienne,
Thanks a lot for your prompt response! Much appreciated.
Yes we are currently using "leading restriction" to minimize the manual updation of org. fields in the same derived role.
But we also parallelly looking for a way to derive roles (creating derived roles and to maintain different org. values in each derived roles created) in mass.
Thanks
Sindhu
User | Count |
---|---|
100 | |
11 | |
11 | |
6 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.