on 10-28-2009 2:30 PM
Hello, I have been reading about IDM for a time now and attended all the workshops I could at Teched this year about the product. It looks great. However, let me give you a brief history. My company installed SAP in 1993 and their security design was to give each individual user their own "personal role" and have been adding transactions ad hoc to these roles since. I was hired on about 6 months ago as Security in order to clean this mess up and go to a position based model. (It is a long tedious task.....)
Now, we have 9 installs of SAP. I believe that since we don't have our roles in SAP laid out correctly yet, IDM provides us not much benefit. CUA is great, but also provides us no real benefit other than I can create users in one central location and not in 9 systems.
We have about 800 PRD users total. We are on ECC 6.0 in all systems except we also have SolMan 7.0 on one.
My short term goal is to get some sort of password synchronization for all these systems. Eventually I definitely want to make use of everything IDM has to offer.
What would be some of your opinions, recommendations, experience for something like this?
Thank you much,
Michael
Hi Michael,
You can install IdM and get to know the product without affecting your SAP systems, by just getting IdM up and running and making sure you can import all users from Active directory or directly from the different SAP systems into the IdM Repository.
In addition, setup a test system or client where you can test the provisioning of users from the repository to a SAP system.
If you get that to work, you could start rolling out password synchronization.
At that point, you have everything in place to start provisioning roles once the company is ready for it.
While you're at it, make sure you define "business roles" roles in IdM and map these to technical roles which can be distributed to your SAP systems.
Kind regards,
Dagwin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>
> Now, we have 9 installs of SAP. I believe that since we don't have our roles in SAP laid out correctly yet, IDM provides us not much benefit. CUA is great, but also provides us no real benefit other than I can create users in one central location and not in 9 systems.
>
I think that's where IdM can help you or help you in laying out target system roles properly with business roles. The pain point is in designing the business roles that contain your technical roles (target system roles) so that meaningful set of rights is available to business users.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.