The user master record comparison consists of three types of comparison:
● The profile comparison
With this, the profiles of time-dependent role assignments are updated.
You cannot set time limits for authorization profiles and their entry in user master records.
● The composite role comparison
This updates the role assignments defined in composite roles; that is, assignments are added or deleted.
● The organizational management comparison
This generates the direct role assignments from the indirect role assignments of the organizational management model.
Procedure
1. Start transaction PFUD.
2. Specify the roles that you want to use for the comparison.
3. Choose one of the following actions:
○ Schedule or check job for the full comparison
Here you can start report PFCG_TIME_DEPENDENCY by specifying the time when the job is to start. The overview displays the status of background jobs that have already been scheduled.
If you schedule the report PFCG_TIME_DEPENDENCY daily before the start of business as a total comparison and it runs error-free, the authorization profiles in the user master are up-to-date every morning.
If you choose this action, all four processing types are always included, regardless of your selection under Processing Type. To execute only certain processing types of the comparison as a background program (for example, with the aim of improving runtime behavior), choose Perform User Master Comparison and the desired processing types. Then choose Save to schedule a variant of the program RHAUTUPD_NEW.
○ Perform User Master Comparison
With this action, you start the user master comparison in dialog for individual roles. You can select the required processing types (see step 4).
4. If you have selected Perform User Master Comparison, choose one or more of the following processing types:
○ Profile Comparison: Start the profile comparison immediately after generating or importing profiles. If you are using time-dependent role assignments, we recommend that you schedule this daily as a background job. This compares the authorization profiles with the user master records; that is, profiles that are no longer current are deleted from the user master records and the current profiles are entered in the user master records.
○ Composite role comparison: Start the composite role comparison if you make changes to a composite role definition (that is, if you add single roles to or delete single roles from a composite role) or import a change. Single-role assignments are compared with the composite role assignments for the user. If you add single roles to the composite role, the single roles are assigned to those users that are assigned the composite role. Conversely, if single role assignments are deleted for the users, the single role is removed from the composite role.
○ HR comparison: Start the HR comparison if you make changes to your local organizational management model that influence the indirect role assignment, or if you transport such changes to the system. You can only select this processing type if organizational management is active; that is, if the switch HR_ORG_ACTIVE is set in the table PRGN_CUST to YES.
○ Clean-Ups: Perform clean-ups when you generate or import profiles. Generated profiles that no longer exist are deleted. Regular clean-ups are particularly important if you transport your roles and profiles frequently, as this helps to solve possible inconsistencies quickly.
You can also select the following options:
○ Display error messages: All error messages are displayed on the screen in dialog mode.
○ Replicate local HR assignments in the central system: You can only select this option if you are in a child system of a CUA group and if organizational management is active. This option replicates, for information purposes, to the CUA central system the role assignments in the child system that originate from relationships in the local organizational management model. You can display these relationships in the user maintenance (transaction SU01).
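The effect of the profile comparison on time-dependent role assignments can be modelled outside the system to spot user master records that still carry profiles from expired assignments. The following Python code is an added example, not SAP code and not part of the original page; all users, roles, profile names and dates are constructed, and it assumes that manually assigned profiles are left untouched by the comparison.

```python
from datetime import date

# Constructed sample data (not from a real system).
# Time-dependent role assignments: (user, role, valid_from, valid_to)
ASSIGNMENTS = [
    ("ALICE", "Z_AP_CLERK", date(2024, 1, 1), date(2024, 6, 30)),
    ("ALICE", "Z_DISPLAY", date(2024, 1, 1), date(9999, 12, 31)),
    ("BOB", "Z_AP_CLERK", date(2024, 7, 1), date(9999, 12, 31)),
    ("CAROL", "Z_BASIS", date(2025, 1, 1), date(9999, 12, 31)),
]
# Generated authorization profile(s) per role (hypothetical names).
ROLE_PROFILES = {
    "Z_AP_CLERK": {"T-AP000001"},
    "Z_DISPLAY": {"T-DS000001"},
    "Z_BASIS": {"T-BS000001"},
}
# Profiles currently entered in the user master records.
# Z_MANUAL stands for a manually assigned profile (assumption: not compared).
USER_MASTER = {"ALICE": {"T-AP000001", "T-DS000001", "Z_MANUAL"}, "BOB": set()}


def expected_profiles(assignments, role_profiles, today):
    """Profiles each user should hold from role assignments valid on `today`."""
    expected = {}
    for user, role, valid_from, valid_to in assignments:
        expected.setdefault(user, set())
        if valid_from <= today <= valid_to:  # validity end date is inclusive
            expected[user] |= role_profiles.get(role, set())
    return expected


def comparison_delta(assignments, role_profiles, user_master, today):
    """Return {user: (to_enter, to_delete)} for out-of-date user master records."""
    generated = set().union(*role_profiles.values())
    expected = expected_profiles(assignments, role_profiles, today)
    delta = {}
    for user in sorted(set(expected) | set(user_master)):
        want = expected.get(user, set())
        have = user_master.get(user, set())
        to_enter = want - have
        to_delete = (have & generated) - want  # only role-generated profiles
        if to_enter or to_delete:
            delta[user] = (to_enter, to_delete)
    return delta


if __name__ == "__main__":
    for user, (add, drop) in comparison_delta(
            ASSIGNMENTS, ROLE_PROFILES, USER_MASTER, date(2024, 7, 15)).items():
        print(user, "enter:", sorted(add), "delete:", sorted(drop))
```

Until the comparison runs after 30 June 2024, ALICE keeps the profile of the expired role and BOB lacks the profile of the role that has become valid, which is the gap the daily background job closes.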