Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

IDM and IDES systems

Hi all

In our company we'd like to introduce IDM for central user maintenance, account creation / role provisioning and self-service for all our SAP Systems.

I have a question regarding IDES systems:

On these systems exist a lot of users and roles/profiles. Some of them (I'm inspired by another post [here|How to handle these exceptions when read the information from abap system?;) may lead to error messages or require additional manual steps to be done. Furthermore I don't want all the users, roles, companies and so on in the IdentityCenter database because I want a consistent view of our company users and permissions.

On the other hand some of our employees already have / will need an account in these IDES systems for training purposes.

I was already thinking about

a) a filter (e.g. in the WriteABAPUsers-Pass of InitialLoad) where the SQL-Statement compares the TempDB with UniqueIDs from another DB -> this still leaves all the unwanted Roles & Profiles.

b) the deletion of all unwanted entries in the source systems. But this is difficult and a waste of time since some entries are needed for IDES training material.

c) to leave these IDES systems as they are. Then account creation and profile / role assignment will still be manual steps. IDM will the "only" be used for the non-IDES systems. But I think it would be great to look at a MX_PERSON entry in IdentityCenter and see all the systems where this person has an acount or which privileges are assigned to him, including IDES.

How would / did you guys solve this situation? Have you another solution I didn't come up with?

Any input highly appreciated. Especially some "live" experience would be nice

Regards

Michael

Former Member
Not what you were looking for? View more on this topic or Ask a question