cancel
Showing results for 
Search instead for 
Did you mean: 

ValidFrom and ValidTo dates

former_member192766
Participant
0 Kudos

Hi Guys,

Any idea how to provision the changes in ValidTo and ValidFrom dates for a privileges in the ABAP system?

Even when you assign a new role/priv with ValidFrom, ValidTo it's always showing as date '1/1/1900' to '31/12/2012'

Any clues?

Regards,

Ridouan

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Ridouan,

Yes, there is a method to do this.

there is a workaround ie "delta provisioning" of profile and role
assignments to AS ABAP systems, that system has to be on a certain
release/SP level which is documented in note 1469551. For systems
below the SP levels of this note the workaround cannot be used
unfortunately.

On the Identity Center side, here are the details about how to use the
new functionality in the respective function module in the AS ABAP:

- Pass type: To Custom / ToSAPIdentity (ToSAP does not support delta
provisioning)

- Role assignments:
- Connector attribute: delta_roles
- Connector value: CHANGE_TYPE [VALIDITY_DATES] ROLE_NAME [ " "
CHANGE_TYPE [VALIDITY_DATES] ROLE_NAME ]*
- CHANGE_TYPE: {A} for "add", {R} for "replace", {D} for "delete"
- VALIDITY_DATES (optional)
- For "add" and "delete":
{VALIDFROM=yyyy-MM-dd!!VALIDTO=yyyy-MM-dd}
- For "replace": {VALIDFROM=yyyy-MM-dd!!VALIDTO=yyyy-MM-dd!!NEW_VALIDFROM=yyyy-MM-dd!!NEW_VALIDTO=yyyy-MM-dd}

- Example without validity period: {A}SAP_BC_BASIS_ADMIN -> Add role
SAP_BC_BASIS_ADMIN without limitation of validity period ("from now
until forever").
- Example with validity period: {R}{VALIDFROM=2010-01-01!!VALIDTO=2010-12-31!!NEW_VALIDFROM=2010-04-01!!NEW_VALIDTO=2011-03-31}
SAP_BC_BASIS_ADMIN -> Change the validity of the role assignment for
SAP_BC_BASIS_ADMIN: Previously it was valid from 2010-01-01 to
2010-12-31, now it's moved three months later and becomes valid between
2010-04-01 and 2011-03-31.

- Profile assignments:
- Connector attribute: delta_profiles
- Connector value: CHANGE_TYPE PROFILE_NAME [ " " CHANGE_TYPE
PROFILE_NAME ]*
- CHANGE_TYPE: {A} for "add", {D} for "delete"

You can try testing this in your test environment and see if it meets
your needs.