At some instances, we encounter issues related to position based role assignment.
Sometimes user gets some roles/ authorizations that are not directly assigned. They come from position of the User.
One of the issue that we faced was, user had roles that came from the position of the user.
It was required to remove such roles from the users profile as those were not required.
Hence we checked via SU01 as below:
The person symbol indicated that the roles has come from indirect assignment/ position of user.
The next thing that we did is to check if this has really come from user’s position.
For that, we go to PO13 and put the position number of that particular user to check the Relationships for the user.
Sometimes, you will not be able to find that particular role in the Relationships.
Hence to cross verify this, we again to SU01 and double click on the particular role so that it takes us to the PFCG Display role screen.
Now in the PFCG Display role screen, click on Goto –>Organizational Management.
Here you will be able to find the name of the user with position number. Thus this confirms that the particular role has been there with the user from the position of the user.
To remove such roles, go to SE38 and run RHPROFL0 (Generate user authorization) :
Select Object Type as “S” and Object ID as the position number of the user.
Check the Test Session and rum the program to see which authorizations and roles are getting added or deleted.
Once you have run the test session and verified that the particular role that has come from the position is getting deleted, run the program again by unchecking the Test session check box to save the changes now.
This will help to remove the roles that have come from the position and are not required.