- SAP Community
- Products and Technology
- Additional Q&A
- Limitations of Auto-Provisioning through CUP (AE)
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Limitations of Auto-Provisioning through CUP (AE)
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-23-2009 2:50 PM
Hi all,
I am looking for some information on what are all the benefits and limitations of using auto-provisioning over manual provisioning for the backend systems through CUP (AE).
We are implementing GRC AC 5.3 and it is organization's business decision whether we need the proviosing piece to be automated or not. However, I would like to get your suggestions based on your project experiences esp in a decentralized security administration where security admins are in different geographical locations and have to provision only for their user groups.
Can we perform all the activities thro' auto-provision similar to a security administrator manually creating a user, assign appropriate user groups etc., or is there any limitation?
Which approach would be better for decentralized administration?
Appreciate your suggestions..
Thanks
Siri
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Siri,
I totally agree with William. If the auto-provisioning functionality is available and when it is working fine, why shouldn't you use it. Unless until, there is some valid reason, I will recommend you to use Auto-provisioning feature. It saves time and it produces nice audit trail.
Regards,
Alpesh
SAP GRC Manager (PwC)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Alpesh & Williams,
The user default settings such as date, timezone, decimal etc can be configured through the 'user defaults' and 'user default mapping' . I see the option of assigning user groups and appropriate parameters too.
Say the user belong to user group AAA_XXX and another user belongs to AAA_YYY, where
AAA - location
XXX - Dept
I have configured these (location, dept) as required fields while entering the request in CUP .
However, during run time how will the correct user group be assigned to the user. Is it through the user default mapping? Where do we maintain all the user group information that is available in the ECC system? Do we have to create user default, user default mapping for each user group??
The documentation from SAP is not very clear .. Appreciate if you can provide some lights on this area.
Thanks
Siri
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Siri,
You'll first have to set a user default system for your ECC system that you'll be provisioning to. Then create your defaults in the User Defaults -> User Defaults section. Once that's completed, create user default mappings using the attributes you require (New Request, location, department, company, etc.). You'll have to create new user defaults and mappings for each user group you have.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
I have a situation where the user ID in the UME (datasource) is 20 characters. But the user account that can be created in SAP ECC should be only 12 characters. When CUP processes the request which has to create a user account, it will truncate and create a user account with only 12 characters.
So how can I achieve this via auto-provisioning ..
Note:
I need my portal user Id is 20 char and SAP user Id has a unique number with 12 characters and map the 20char to the alias name in SU01.
Has anyone tried this option to achieve SSO between EP, GRC, ECC?
Thanks
Kee
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
The way I've set our CUP is to auto-provision through CUA. Honestly, I don't see any reason not to if you make a security admin the last step of your approval process. It would be just like them having to manually provision the access, except they only have to review instead of going directly into the system to do the same thing that CUP can do automatically. It just seems like a waste of time and manpower, personally. I think you could make this same case to the business.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Characters limitation when using Georgian Unicode text in Human Capital Management Q&A
- S/4 Flexible PO Workflow -Approval Limit Check in Supply Chain Management Q&A
- Unable to add to the credit limit on existing user. in Enterprise Resource Planning Q&A
- Need Info on System Owner Permissions for SAC,DSP in Technology Q&A
- Value disappeared in Enhanced Limit tab in PR in Enterprise Resource Planning Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.