on 05-18-2013 11:07 PM
We have a requirement in our company where for one of our SAP systems, we need to only add roles to the users from IDM but don't want to remove the existing roles, can you please share the steps and scripts along with screen shots to achieve this for SAP 7.1 patch 7.
Thanks,
Arun A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Arun,
My script is very complex because of my scenario.
The version of IDM doesn't matter at all, because the issue is not in IDM, but in ABAP it self.
So the basic idea is that actually you should always send all attached roles in IDM and all pending for attachment in IDM to ABAP. And you don't need to remove any roles from ABAP just don't send them.
So step by step:
1. Use grouping per Application in ABAP Repository
2. Get all attached ABAP roles in IDM
3. Get all pending ABAP roles to be removed in IDM
4. Subtract the list from step 2 from list of step 1
5. Get all pending ABAP roles to be added in IDM
6. Add list from step 4 to list of step 3
7. Submit result list to ABAP.
Best regards,
Ivan
Thanks Ivan, for all your replies. So the current provisioning process irrespective of if there is a role to be added to the user or not when we provision the user through SAP provisioning for any repository it removes the roles and re-adds the roles as per the approved identity center.
I guess this is more controlled in BAPI'S that standard process is using.
Do you mind giving me an over view how to customise these BAPI's and how to modify the standard provsioning framework.
Thanks,
Arun A
Hi Arun,
If you don't use SAP CUA and you have provisioning to individual SAP Systems than you should use another task which supports DELTA.
Look around in standard SAP provisioning for task with following name:
AssignDeltaABAPPrivileges
Use it instead of regular one. Of course you should accomplish some tests first, because I never used to play with it, our clients are using SAP CUA. Hope it will be useful for you.
Best regards,
Ivan
Hi Arun,
If you don't have it than maybe it doesn't work with 7.1.
What I can propose follow the steps in my blog they will work even for 7.1 and even you are not using SAP CUA.
Sorry, but there is no better solution, or at least I don't know about it.
Best regards,
Ivan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.