- SAP Community
- Products and Technology
- Additional Q&A
- ERM: Roles, Backend System and System Landscape
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
ERM: Roles, Backend System and System Landscape
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 07-11-2010 1:29 PM
Hi,
When initial mass role import is done within ERM, roles uploaded are registered into ERM linked to source backend system and target system landscape. Is this correct? Or ERM loses all relationship to source backend phisycal system?
Thanks in advance. Regards,
Imanol
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
I am sorry again but still don't get it. More questions comes into my mind...
Imagine we have a role (ROLE_ERM1) in ERM linked to System Landscape ERP (which contains system DEV, QA and PROD). Such role is generated in DEV and afterwards transported (in the backend) from DEV to QA BUT NOT to PROD.
Afterwards we import roles in CUP using ERM Role importi option and selecting PROD System.
Since PROD is included within ERP System Landscape and ROLE_ERM created under System Landscape ERP, such role will be imported into CUP and linked to PROD System.
The thing here is that in real, ROLE_ERM1 is not still in production.
Am I right?
Thanks for all. Regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Imanol,
If ROLE_ERM1 is in a ERM system landscape, you can import it to CUP in any connector that belongs to the landscape.
You will also be able to include the role in a request. However, at provisioning time, if the role does not exist on the production backend, you will receive an auto-provisioning error and the audit log will say: "Role xxxxx does not exist."
Nice "feature," eh?
-Dylan
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Dylan,
Great to hear from you and thanks for your response.
There is still one thing unclear for me: If we will be importing roles into CUP form ERM and taken into account that CUP register internally in its DB, information for roles and system linked (system is a selection parameter when running importing).
How this role & system information is coming from ERM since you are saying that this information is not store there?
I don't know if I have explained myself
Many thanks in advance. Best regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Ahhh, now I get it.
ERM assigns one System Landscape to the role. Example: System Landscape = ERP.
Within "ERP" there are SAP systems assigned, e.g. DEV, QAS, PRD, etc.
Then in CUP, you have to import roles per system/connector. So, you would import the same role up to 3 times. 1 = DEV, 2 = QAS and 3 = PRD. Or, can even just import the role for PRD and not DEV or QAS, if you want.
CUP uses the connector name to find which ERM System Landscape the role belongs.
-Dylan
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Imanol,
After the roles have been imported to ERM, the there is no active backend source link for the role. Only when the role is generated, does ERM push the role information to the backend through the connector but then after that it disconnects and there is no link until the role is generated again.
There are other types of backend source "links" such as: Org, transaction and activity value synchronization jobs. But these values are only imported for use when adding or deleting transactions and for setting org ranges (if used).
The backend is also connected to ERM when running risk analysis simulations. True, the risk analysis is done in RAR, but the latest number of users assigned is pulled real-time from the backend source.
Finally, the backend is connected with running the Role Usage job for UARs. The Role Usage job runs completely independent of import role and can run even with no imported at all!
-Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- SAP S4HANA Cloud Public Edition Logistics FAQ in Enterprise Resource Planning Blogs by SAP
- SAP Business Network for Logistics 2404 Release – What’s New? in Supply Chain Management Blogs by SAP
- SAP Build Process Automation Pre-built content for Finance Use cases in Technology Blogs by SAP
- ISAE 3000 for SAP S/4HANA Cloud Public Edition - Evaluation of the Authorization Role Concept in Enterprise Resource Planning Blogs by SAP
- New 1H 2024 SAP Successfactors Time (Tracking) Features in Human Capital Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.