cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Templates for Business Role vs System Roles (aka privileges) & Business Roles vs SAP HR Position Id's

Former Member

on ‎06-04-2013 1:05 AM

0 Kudos

Hi

I am looking for excel templates for loading mapping of Business Roles vs SAP system roles (ABAP & Java) and also template for loading Business Roles vs SAP Position Id's into IDM.

Can anyone share the templates and format if anyone has used tempaltes for loading the info into IDM for provisioining rather than setting up them manually in IDM IC? I am using SAP IDM 7.2 - SP05.

Please share the templates to my personal email id - ramub5@gmail.com or rbirudaraju@yahoo.com.au

Thanks in advance

Raju

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

ivan_petrov
Active Participant
‎06-05-2013 9:03 AM
0 Kudos

Hi Raju,

Actually if you look for a simple solution you can use the one that KV provided.

But this is a very simple case and it is based only on one key(position ID).

My needs were very complex so I've build very robust custom solution with unlimited number of keys and properties, and even different key sets for different locations. I'm using XML format to load the info and it looks like that for one location:

The columns marked in blue are the keys, the rest are just additional properties.

As you can see it is a whole solution and there is much more than just this XML file.

Best regards,

Ivan

Show replies
Show replies
Former Member
‎08-01-2013 5:19 AM
0 Kudos

Hi All

I have a query regarding mass user provisioning from SAP IDM into all ABAP and Java repositories. Is it possible using SAP IDM 7.2? If so, can someone guide me on configuring tasks / jobs etc.

The scenario is like this.

I have got multiple SAP system roles / Portal roles / Portal Groups from many ABAP and Java based application for a Business Role.

I have got SAP HR Position having multiple Business Roles.

When I assign SAP HR Position to an Identity, all the Business Roles mapped to that SAP HR Position should be assigned to that person user id in all SAP ABAP and Java systems. This should happen for 4000 users in one go..!, how to configure SAP NW IDM 7.2 to make it happen? Is there any standrard function available in IDM? Anybody has done this before?

Can anyone please guide and help me?

Thanks in advance

Raju

Former Member
‎08-03-2013 8:53 PM
0 Kudos

Hi Raju,

We used the dynamic group functionality to build some criteria that captured all the people that should have a role, then set the role to auto assign on the group.

Couple of catches, you can only have one role per group and a bug means the group only adds 1000 people at a time, so if your criteria catches 3500 people, you have to evaluate the group 4 times at the start. Once it has got going to, to pick up the next set of records you only need to evaluate it once, unless you add more than 1000 records in one go.

Hope this helps,

Ian

P.S. be careful with these, once they are live. If you make a mistake with the SQL so it picks up nobody, and reevaluate the group, all the users will have their access removed!

Murali_Shanmu
Active Contributor
‎06-05-2013 7:20 AM
0 Kudos

Raju,

I dont think there is a standard template as requirements vary for each customer. You could initially start with the template provided by Kautilya and then modify or add fields for your requirements.

Also check out this blog which covers the concept and is very simple.

Cheers,

Murali

Show replies
Show replies
Former Member
‎06-05-2013 2:52 AM
0 Kudos

Hi Raju,

It's actually very easy to make templates. In Excel create a csv file with one column as the Business_role and the Privilege like the following:

Populate the Business_role and the Privilege values as per your requirement.

To read this data into IDM, set-up a job "Privileges to Business Role" with a pass to read the above data(From ASCII file) and another pass to write the values(To Identity store). Make sure the back-end (SAP or java) privileges are read into IDM before you execute the job.

The Business Role to SAP HR Position ID csv file should look like the following:

Setup another job "Business Role to Position" with a pass to read the above(From ASCII file) and another pass to write the values(To Identity store). Make sure the Business roles are set-up first in IDM before you execute the job.

I'm presuming that you know how to use  From ASCII file and To Identity store passes..

Cheers,

KV

Show replies
Show replies
Former Member
‎06-06-2013 2:26 AM
0 Kudos

Thanks a lot KV

One more question, how can we use / configure SAP NW IDM for assigning roles / privileges / access rights in Business Objects suite of products such as BOBJ, SAP BPC, SAP BODS, SAP BODM?

and aslo SAP eSourcing?

Have you got any configuration document for ABAP Role / Java UME role assignments using SAP IDM? Does VDS must be configured for provisioning into all SAP systems in the landscape?

Thanks

Raju

Murali_Shanmu
Active Contributor
‎06-07-2013 9:55 PM
0 Kudos

Raju,

With regard to BusinessObject, check my response in this thread.

I believe eSourcing is deployed on an AS JAVA system. Hence, it should be the same as provisioning to an AS Java system.

All the configuration documents are listed out here.

VDS is not used most often to provision to an SAP system. It comes down to your landscape.

Hope this was helpful.

Cheers

Murali

Former Member
‎06-13-2013 2:13 AM
0 Kudos

You are welcome, Raj!

My answer would concur with Murali's response.

Let me know if it still not clear on this. Thank you.

KV

Ask a Question