cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to Populate Faster Business Role

Go to solution
Former Member

on ‎07-09-2013 7:46 AM

0 Kudos

Dears,

I'm creating Business Roles in IDM and I'm populating them with the IDM WEB UI Front end.

As we have more than 30 SAP systems-clients, it takes a lot of time adding the priviledges one by one.

Is there a way to do it in mass in IC or IDM WEB UI ?

I thought I could do it in Identity Center under : Identity Store metadata - Roles - "MyBusinessRole" but I can only see the added roles and not add from there.

Thx for your help.

Nicolas.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-09-2013 8:06 AM
0 Kudos

Hi Nicolass,

You can do it from your Job Folger and it should look something like this:

1. Create a new job and use To Identity Store pass 

2. Then set your entry type to MX_ROLE in the destination tab

3. In the same pass - Source tab you have to make a select for the privileges you want to add in your Business Role.

4. The select should return Business Role and the privileges that will be assigned to it

BR,

Simona

Show replies
Show replies
Former Member
‎07-09-2013 9:00 AM
0 Kudos

Thanks for the Helpful Answer Simona,

I understand what you wrote but could you please help me with a concrete select so I could understand better.

Let's say :

Business Role :    BUS_SDBA

Priviledges :     PRIV:ROLE:ABC123:SDBA_ALL

                       PRIV_ABC123_ONLY

Next question, couldn't I create an txt file with the priviledges to include in a Business Role ?

Thx,
Nicolas.

Former Member
‎07-09-2013 9:22 AM
0 Kudos

Hi Nicolas,

  The select should look like this:

SELECT vb1.mcmskeyvalue BUSINESS_ROLE, vb2.mcmskeyvalue PRIV_FOR_ADD FROM mxi_entry vb1

      JOIN   mxi_entry vb2 ON   vb2.mcentrytype = 'MX_PRIVILEGE' and vb2.mcmskeyvalue in ('PRIV:ROLE:ABC123:SDBA_ALL','PRIV_ABC123_ONL')

   WHERE vb1.mcentrytype  = 'MX_ROLE' AND vb1.mcmskeyvalue ='BUS_SDBA';

As for the idea to get the privileges from a txt file, yes you could. If you have a file with the privileges you want to add into BR, the way to do it is with temporary table fill with the privileges from your txt file.

BR,

Simona

Former Member
‎07-09-2013 10:03 AM
0 Kudos

Ok, I understand the way with the querry, but in my case the txt file would be a way faster because i have a lot of different priviledges and I can export them from a dump i did in access.

could you help me with this ?

Thx again,

Nicolas.

Former Member
‎07-09-2013 10:11 AM
0 Kudos

Hi Nicolas,

   You are right, the txt file will be much better and faster way to do it.

My suggestion will be to make a txt file with Business Roles, privileges and one more column so you will be able to make a select by this additional column. So in this file you will fill all of the Business roles and privileges and after that you will fill a temporary table with the data from the txt file. After you have done that the select will be from this temporary table and you will be able to define which privilege should be added to the BR by this additional column.

BR,

Simona.

former_member2987
Active Contributor
‎07-09-2013 1:28 PM
0 Kudos

Nicolas,

When I do something like this, I usually create the file in Microsoft Excel and save as a .CSV (you can use the spreadsheet of your choice, of course).  This makes it easier to manage the information, make sure columns are correct, sort, etc.

Then it's just a simple "From ASCII" pass to get the information into IDM. (Maybe a "To Identity Store" as well)

This is something you'll need to do in production as time goes on so it's worth keeping in your jobs folder.

Matt

Former Member
‎07-09-2013 2:17 PM
0 Kudos

Hi Nicolas,

I have made a blog about this - http://scn.sap.com/community/netweaver-idm/blog/2013/07/09/how-to-do-mass-population-of-a-business-r...   you can check it and see if it helps.

BR,

Simona

Former Member
‎07-09-2013 2:51 PM
0 Kudos

Hello Simone,

Thank you very much for you blog, if you want to write more, I can ask more questions and you can answer like this 🙂

I'll be off tomorrow but I'll try your solution on Thursday !

I'll keep you posted.

Thank you very much.

Nicolas.

Former Member
‎07-09-2013 3:02 PM
0 Kudos

Hi Nicolas,

  If you have other questions, ask and if I can help you, no problem.

It will be fun to write more blogs.

BR,

Simona.

Answers (1)

Answers (1)

ivan_petrov
Active Participant
‎07-10-2013 10:00 AM
0 Kudos

Hi Nicolas,


Just want to mention something. Everything above is correct, but nobody mentioned nothing about RECONCILE.

If you populate business roles like this with automatic reconcile turned on, you will have heavy DB load which some times result in DB locks and failed jobs.

In order to avoid that you should turn the automatic reconcile off, and add reconcile pass after these two passes you already have.


Best regards,

Ivan

Show replies
Show replies
Ask a Question