Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from JimmyJ2 on Sep 19 at 5:05 PM I think the behaviour differs depending on if the source is legacy PFCG roles or if it is controlled by GRC. My experience with legacy PFCG roles is that all master role is copied to the derived except for organisational values (unless you are creating a brand new derived role). We typically have an "ALL" role as the master and more restrictive roles from an organisational perspective as the derived and once established the behaviour as mentioned above has always happened. Here's an excerpt from help.sap.com -
The master role serves as the template for the authorizations and attributes. The derived roles are differentiated from the master role and each other by organizational levels.
All authorization data is propagated, except for organizational levels.
Source -
https://https://help.sap.com/saphelp_grcac10/helpdata/en/6 8/687df059724fa2b381e68632c67b57/content.htm/saphelp_grcac10/helpdata/en/68/68 7df059724fa2b381e68632c67b57/content.htm
| | | ---------------Original Message---------------
From: Alex Ayers
Sent: Monday, September 19, 2016 6:00 AM
Subject: Derived Role Issue - When We Update Master Role Values for Derived Role Change
When you push changes from a master role (adjust derived) then i. all
object level values and ii/. all org level values (e.g. plant 1002) in the
master will be pushed to the derived role.
Only blank org levels in the master will not overwrite org level values in
the derived role. This is why we typically do not maintain org levels in a
master role. If you are going to maintain any values then you should only
maintain those org level values that are consistent for all roles derived
from that master. |
| Reply to this email to post your response. __.____._ | In the Spotlight Become a blogger at Toolbox.com and share your expertise with the community. Start today.    _.____.__ |
