on 10-24-2013 6:03 AM
Hi All,
In CUA we have and used an option to import the newly created roles from the child to the CUA.
What is the best way to do it with IDM ?
I think I can do it with the Job Initial Load and only keep the concerned passes like those ones :
- ReadABAPRoles
- ReadABAPProfiles
- WriteABAPRolePrivileges
- WriteABAPProfilePrivileges
Is that correct ?
I need that because sometimes I need to import the new roles during the day and don't want to wait the night batches.
Nicolas.
Hello Nicolas,
I'd say yes, but with delta handling acitvated for
- WriteABAPRolePrivileges
- WriteABAPProfilePrivileges
But I would create an own job folder and task for that and not just use the striped down Initial Load job. ^^
Regards,
Steffi.
EDIT:
What about those two:
Add triggers to ABAP RolePrivileges
Add triggers to ABAP ProfilePrivileges
Don't you need those, too? You could just put those in the other two passes, I guess.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Nicolas,
I would think that with the two read-passes you get all the roles and profiles from the backend, not just the newly created. So with the delta in the write jobs it would just write the really new ones instead of all roles and profiles again.
Unless you have an attribute value for the source tab to find just the new entries.
Or maybe I'm missing something? oO
Regards,
Steffi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steffi,
You don't miss anything, I just thought I missed something with the deltas.
For me it's not an issue, except maybe performance speaking, to write all the roles again. I even prefer to do that and avoid unexpected issues from IDM.
I think you are right about your Edit 😉
So :
- ReadABAPRoles
- ReadABAPProfiles
- WriteABAPRolePrivileges
- WriteABAPProfilePrivileges
- Add triggers to ABAP RolePrivileges
- Add triggers to ABAP ProfilePrivileges
Nicolas.
Hello Nicolas,
well, we just started some weeks ago with the project to include SAP roles in IdM to provision them from there, so I'm still a little shaky with the details.
Nontheless that list of passes looks good to me. ^^
And as long as you don't have issues with the job running to long when you start it on demand during the day, writing all entries all the time would give you a clean data pool, yes. I guess it all depends on how many roles and profiles there are in the backend.
But you asked how to import the newly created roles, so I included the delta option. ^^
Regards,
Steffi.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.