cancel
Showing results for 
Search instead for 
Did you mean: 

Retrieving detailed authorizations information via RFC

Former Member
0 Kudos

Hi all,

Is there a way to pull information like:

  • All roles (single, composite);
  • All profiles, including authorizations info:
    • C_DRAW_TCD;
    • C_DRAW_TCS;
    • C_DRAW_STA;
    • C_DRAW_BGR;
    • C_DRAW_DOK;
    • C_DRAD_OBJ;
    • DOCUMENT_AUTH01.
  • All users with profile assignments.

In other words, is it possible to grab all information needed to say whether particular user has access to the document stored by DMS?

We've started with calling BAPI_HELPVALUES_GET with PROFILES parameter, but it does not seem to return all required information that linked to the profile within SAP.

Any suggestions/directions?

Thanks in advance.

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Pavel,

    

If you want to pull these information through SAP IDM, there is standard initial load ABAP Jobs that
allows you to do so (roles, profiles, and assignments between Users / roles and profiles).

There is an extended SAP IDM Framework called the RDS which contains a sort of advanced initial load jobs that can retrieve additional information such as : difference between composite and derived roles, help values for simple attributes such as license code, user groups and parameters...

In both cases, once you set up SAP IDM, you can take a look at “administration job folder, in the source tab of each of IDM initial load job, in the lines called filter and tables, it will give you the name of the BAPIs / tables called or read to retrieve these informations.

The only thing I never get the chance to see in SAP IDM and I don’t think it’s possible in a standard way, is to retrieve profiles with their corresponding roles.

  

Fadoua

Answers (1)

Answers (1)

former_member2987
Active Contributor
0 Kudos

Pavel,

Are you trying to do this through IDM?  What system are you trying to connect to? Is it ABAP or JAVA based?

Thanks,

Matt

Former Member
0 Kudos

Well, I'm not quite sure that I've chosen the right forum for asking this question. Please correct me if there is a more suitable one.

For me it looks like that the task can be accomplished with use of some BAPIs, particularly mentioned in "SAP Identity Management APIs" reference - so yes, I'm trying to do this through IDM APIs.

Targeted system is SAP ECC 6.0 and higher.

C# + .NET SAP connector 3.0 is supposed to be used.

Former Member
0 Kudos

The .NET connector is not used with SAP IDM - its more often used with .Net applications or other IDM products (such as Microsoft FIM).  SAP IdM will do this out of the box without the need for the connector.

I think the correct forum is Interoperability .Net.  Try reading through this thread:

Peter