Leading and Derived Business Roles
Large organizations often need to create business roles where the role content varies only at the permission (restriction) level rather than at the business catalog level. For example, a company may have two sales and distribution employees with the same work center description, but who work at different plants (Plant 1000 and 2000). Both employees need the same general access, but should be restricted to their respective plant.
For these situations, derived business roles may help simplify role maintenance.
Derived business roles are a way to create custom roles based on an existing standard business roles (known as a leading or parent role), which can help simplify the business role creation and maintenance process. The leading role defines the standard access to be granted for the functions and applications required by the business user.
The derived business roles represent custom business roles that are created by inheriting restrictions (permissions and authorizations) from the leading business role. Instead of defining multiple a new business roles with standard access, you can simply derive them from the existing standard as defined in the leading role.
You designate a business role as the leading business role for the purposes of role derivation by maintaining the Is Leading Business Role checkbox on the role definition. You can make this designation using the Maintain Business Roles app.
Each leading role is defined and configured with all relevant business catalogs and maintains all common restrictions that will be consistent across each derived business role. The values maintained in the leading business role cannot be changed in the derived business roles, but you may enhance the restrictions with additional values if required.
The leading role configuration binds the derived roles. You are not allowed to make changes in a derived role to the business catalogs, space, or page assignments, or to restrictions maintained in the leading business role. Changes to these business catalogs, assigned spaces and pages, and common restrictions can only be made in the leading business role.
Further, when changes are required to be made in the leading role, the derived roles can automatically inherit these changes. In this way, derived business roles can save time and effort because each derived role inherits changes to the leading roles configuration and does not have to be individually maintained.
To Create Leading and Derived Business Roles
The following procedure describes the steps for creating leading and derived business roles:
- Open the business role that you want to define as master business role and click Edit.
- Select the Is Leading Business Role checkbox and click Save. The business role now has a leading business role designation.
- Return to the list view, select this master business role, and click the Create Derived Business Role link.
- The system suggests a business role ID you can enhance.
- Enter a role description and click OK. The system displays the business role maintenance screen. The business role has a Derived Business Role label.
- Add further values to the derived business role as required. Catalogs, spaces, pages, and restrictions maintained in the leading business role cannot be edited.
- Save your entries.
Summary
Now you should understand how to create derived business roles.
Additionally, you should now be able to determine when a derived role solutions could help simplify business role administration and maintenance.