on 07-09-2013 7:46 AM
Dears,
I'm creating Business Roles in IDM and I'm populating them with the IDM WEB UI Front end.
As we have more than 30 SAP systems-clients, it takes a lot of time adding the priviledges one by one.
Is there a way to do it in mass in IC or IDM WEB UI ?
I thought I could do it in Identity Center under : Identity Store metadata - Roles - "MyBusinessRole" but I can only see the added roles and not add from there.
Thx for your help.
Nicolas.
Hi Nicolass,
You can do it from your Job Folger and it should look something like this:
1. Create a new job and use To Identity Store pass
2. Then set your entry type to MX_ROLE in the destination tab
3. In the same pass - Source tab you have to make a select for the privileges you want to add in your Business Role.
4. The select should return Business Role and the privileges that will be assigned to it
BR,
Simona
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the Helpful Answer Simona,
I understand what you wrote but could you please help me with a concrete select so I could understand better.
Let's say :
Business Role : BUS_SDBA
Priviledges : PRIV:ROLE:ABC123:SDBA_ALL
PRIV_ABC123_ONLY
Next question, couldn't I create an txt file with the priviledges to include in a Business Role ?
Thx,
Nicolas.
Hi Nicolas,
The select should look like this:
SELECT vb1.mcmskeyvalue BUSINESS_ROLE, vb2.mcmskeyvalue PRIV_FOR_ADD FROM mxi_entry vb1
JOIN mxi_entry vb2 ON vb2.mcentrytype = 'MX_PRIVILEGE' and vb2.mcmskeyvalue in ('PRIV:ROLE:ABC123:SDBA_ALL','PRIV_ABC123_ONL')
WHERE vb1.mcentrytype = 'MX_ROLE' AND vb1.mcmskeyvalue ='BUS_SDBA';
As for the idea to get the privileges from a txt file, yes you could. If you have a file with the privileges you want to add into BR, the way to do it is with temporary table fill with the privileges from your txt file.
BR,
Simona
Hi Nicolas,
You are right, the txt file will be much better and faster way to do it.
My suggestion will be to make a txt file with Business Roles, privileges and one more column so you will be able to make a select by this additional column. So in this file you will fill all of the Business roles and privileges and after that you will fill a temporary table with the data from the txt file. After you have done that the select will be from this temporary table and you will be able to define which privilege should be added to the BR by this additional column.
BR,
Simona.
Nicolas,
When I do something like this, I usually create the file in Microsoft Excel and save as a .CSV (you can use the spreadsheet of your choice, of course). This makes it easier to manage the information, make sure columns are correct, sort, etc.
Then it's just a simple "From ASCII" pass to get the information into IDM. (Maybe a "To Identity Store" as well)
This is something you'll need to do in production as time goes on so it's worth keeping in your jobs folder.
Matt
Hi Nicolas,
I have made a blog about this - http://scn.sap.com/community/netweaver-idm/blog/2013/07/09/how-to-do-mass-population-of-a-business-r... you can check it and see if it helps.
BR,
Simona
Hi Nicolas,
Just want to mention something. Everything above is correct, but nobody mentioned nothing about RECONCILE.
If you populate business roles like this with automatic reconcile turned on, you will have heavy DB load which some times result in DB locks and failed jobs.
In order to avoid that you should turn the automatic reconcile off, and add reconcile pass after these two passes you already have.
Best regards,
Ivan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.