Dear Experts,
We have many SAP products in our landscape like ECC, Solman, PI,BI,EM,SCM,CRM,HCM etc. We have Different SAP landscapes across Globe. (Like Separate ECC for Europe,Middle east, USA etc.) And we are trying to align our authorization concept followed in each region. As of now we follow Master-derive role concept in ECC and SCM only for Business roles only.
Now we are implementing GRC AC and IDM for full automation.So we will have Business Role which will be mapped to Composite roles to which technical role mapping will be done.We have plans to resign our authorization structure globally.
And there is one Global proposal to follow Master-derive role concept for all SAP products (except BI). Proposal for authorization structure is as below
Master -derive role concept for
1.All SAP products (Solman, PI,EM,EWM,CRM,HCM,ECC,SCM) for all (IT and Business roles)
2.All Communication roles.
3. in short, there will not be Single roles created in system. All are Master-derive in all SAP systems.
The above proposal provided justification that we will have consistency in authorization concept across all systems and there will not be confusion while creating composite roles.
I personally feel that Master-derive role concept for Non- org value systems like Solman,PI,EWM and for communication roles will not be wise decision.
Please advise, about above proposal.
Best Regards,