on 08-12-2009 11:00 AM
Hi all
In our company we'd like to introduce IDM for central user maintenance, account creation / role provisioning and self-service for all our SAP Systems.
I have a question regarding IDES systems:
On these systems exist a lot of users and roles/profiles. Some of them (I'm inspired by another post [here|😉 may lead to error messages or require additional manual steps to be done. Furthermore I don't want all the users, roles, companies and so on in the IdentityCenter database because I want a consistent view of our company users and permissions.
On the other hand some of our employees already have / will need an account in these IDES systems for training purposes.
I was already thinking about
a) a filter (e.g. in the WriteABAPUsers-Pass of InitialLoad) where the SQL-Statement compares the TempDB with UniqueIDs from another DB -> this still leaves all the unwanted Roles & Profiles.
b) the deletion of all unwanted entries in the source systems. But this is difficult and a waste of time since some entries are needed for IDES training material.
c) to leave these IDES systems as they are. Then account creation and profile / role assignment will still be manual steps. IDM will the "only" be used for the non-IDES systems. But I think it would be great to look at a MX_PERSON entry in IdentityCenter and see all the systems where this person has an acount or which privileges are assigned to him, including IDES.
How would / did you guys solve this situation? Have you another solution I didn't come up with?
Any input highly appreciated. Especially some "live" experience would be nice
Regards
Michael
several different approaches possible...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.