
SAP IDM - Sync New roles

Former Member
0 Kudos

Hi All,

In CUA we have and used an option to import the newly created roles from the child to the CUA.

What is the best way to do it with IDM?

I think I can do it with the Job Initial Load and only keep the relevant passes, like these:

- ReadABAPRoles

- ReadABAPProfiles

- WriteABAPRolePrivileges

- WriteABAPProfilePrivileges

Is that correct?

I need that because sometimes I need to import the new roles during the day and don't want to wait for the night batches.

Nicolas.

Accepted Solutions (1)

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Nicolas,

I'd say yes, but with delta handling activated for

- WriteABAPRolePrivileges

- WriteABAPProfilePrivileges

But I would create its own job folder and task for that and not just use the stripped-down Initial Load job. ^^

Regards,

Steffi.

EDIT:

What about those two:

Add triggers to ABAP RolePrivileges

Add triggers to ABAP ProfilePrivileges

Don't you need those, too? You could just put those in the other two passes, I guess.

Steffi_Warnecke
Active Contributor
0 Kudos

I edited (a little slow ^^).

Former Member
0 Kudos

Hi Steffi,

Thanks for your answer.

What is the advantage of handling the deltas in this case?

Sure, I will create a new job folder for that, but based on Initial Load, as I think the passes are perfect.

Nicolas.

Answers (1)

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Nicolas,

I would think that with the two read-passes you get all the roles and profiles from the backend, not just the newly created. So with the delta in the write jobs it would just write the really new ones instead of all roles and profiles again.

Unless you have an attribute value for the source tab to find just the new entries.

Or maybe I'm missing something? oO

Regards,

Steffi.

Former Member
0 Kudos

Hi Steffi,

You're not missing anything, I just thought I missed something with the deltas.

For me it's not an issue, except maybe performance speaking, to write all the roles again. I even prefer to do that and avoid unexpected issues from IDM.

I think you are right about your Edit 😉

So:

- ReadABAPRoles

- ReadABAPProfiles

- WriteABAPRolePrivileges

- WriteABAPProfilePrivileges

- Add triggers to ABAP RolePrivileges

- Add triggers to ABAP ProfilePrivileges

Nicolas.

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Nicolas,

well, we just started some weeks ago with the project to include SAP roles in IdM to provision them from there, so I'm still a little shaky with the details.

Nonetheless, that list of passes looks good to me. ^^

And as long as you don't have issues with the job running too long when you start it on demand during the day, writing all entries all the time would give you a clean data pool, yes. I guess it all depends on how many roles and profiles there are in the backend.

But you asked how to import the newly created roles, so I included the delta option. ^^

Regards,

Steffi.