Hi all

In our company we'd like to introduce IDM for central user maintenance, account creation / role provisioning and self-service for all our SAP Systems.

I have a question regarding IDES systems:

On these systems exist a lot of users and roles/profiles. Some of them (I'm inspired by another post [here|😉 may lead to error messages or require additional manual steps to be done. Furthermore I don't want all the users, roles, companies and so on in the IdentityCenter database because I want a consistent view of our company users and permissions.

On the other hand some of our employees already have / will need an account in these IDES systems for training purposes.

I was already thinking about

a) a filter (e.g. in the WriteABAPUsers-Pass of InitialLoad) where the SQL-Statement compares the TempDB with UniqueIDs from another DB -> this still leaves all the unwanted Roles & Profiles.

b) the deletion of all unwanted entries in the source systems. But this is difficult and a waste of time since some entries are needed for IDES training material.

c) to leave these IDES systems as they are. Then account creation and profile / role assignment will still be manual steps. IDM will the "only" be used for the non-IDES systems. But I think it would be great to look at a MX_PERSON entry in IdentityCenter and see all the systems where this person has an acount or which privileges are assigned to him, including IDES.

How would / did you guys solve this situation? Have you another solution I didn't come up with?

Any input highly appreciated. Especially some "live" experience would be nice

Regards

Michael