Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Current »

Automatic FSM user creation after role assignment in transaction SU01 is available for SAP ECC system only.

(S4)PACG 200 SP06 A special report can be used to generate FSM users on S/4 systems if transaction SU01 was used: /PACG/ECM_FSM_USERS - Report for role-based user generation. Automatic user creation (or deactivation after role removal) will take place when roles are assigned via transaction PFCG - this is supported by both ECC and S/4 systems and no reports need to be executed. The newest ECC versions may also require running the report.

SAP users can be automatically added to the FSM Cloud Connector user maintenance table and transferred to SAP FSM, based on authorization roles.

SAP roles can be assigned to users in transaction SU01, tab ‘Roles’ ((S4)PACG 200 SP06 also transaction PFCG).

 

Roles relevant for FSM user creation should be maintained in the hereby described transaction - /PACG/ECM_USROL.

New users will be created with properties set for the role, including:

  • Company

  • Substactor, Plannable, Not Active

  • User crowd type

  • Permission ID

  • FSM user active

The property ‘login enabled’ is always enabled for new users, however if the new user is inactive on account level, they won’t be able to log in, regardless of this flag.

Example flow

1. In transaction /PACG/ECM_USROL role ‘SAP_BPR_EMPLOYEE-S’ is set for company 5 as relevant for FSM user creation.

 

2. The same role is assigned to an SAP user in transaction SU01.

 

3. After saving the user, a new entry in FSM user maintenance tables is created. 

4. The new user is automatically transferred to SAP FSM.

 

Removal of a role

If a role is unassigned from a user in SU01/PFCG, the user will be set as ‘inactive’ in the user maintenance table, both on company and account levels (property ‘inactive’ and ‘FSM user active’).

(S4)PACG 200 SP11 If an FSM-relevant user role is unassigned from a user, the related FSM users are inactivated on company level only if no other role relevant for this company is assigned to them. Users are inactivated on account level only if they’re not assigned to any role relevant for any other of their companies. Additionally, whenever a user is deactivated on company level, the property ‘loginenabled’ is set to false for a given user in a given company.

To illustrate this better: unassignment of role SAP_BC_EMPLOYEE woudn’t deactivate the user on any level. Unassignment of both SAP_BC_EMPLOYEE and SAP_BPR_EMPLOYEE-S would deactivate it on company level but not account (it’s still relevant for company 5). In this case all three roles have to be unassigned for deactivation on account level. 

  • No labels

If you'd like to help us improve the documentation, please provide your feedback using the communication channels listed here. Learn about support possibilities here.