cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mass user creation with SU01 parameters

Go to solution
Former Member

on ‎06-06-2014 1:40 PM

0 Kudos

Hi experts,

I am able to create one SAP user and setting some predefined SU01 parameters with Tero and Steffi help (http://scn.sap.com/thread/3565184).

Now I am searching ideas for the following scenario:

I need to create many users with default SU01 parameters. For example I need to create ZUS00001, ZUS00002.........ZUS01000,

many thanks for your help,

Mia

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Steffi_Warnecke
Active Contributor
‎06-10-2014 9:17 AM
0 Kudos

Hello Mia,

since you already have setup the default parameters for new accounts, all you really have to do is give the IdM the pool of users that should get the account created in your system and then assign the system-privilege of that repository to them.

If those identities are NOT already part of IdM, I think Krishna's approach is IMO the best way to create the identities in IdM and then create their user accounts in the ABAP system via your normal provisioning.

If the identities of the users are already created in the IdM and you just need to create the user accounts in the backend system, that you can also use a SQL statement (in the source-tab of the job) to find the pool of identities you want to assign the system-privilege of the repository to and this will then trigger the creation of the accounts in your ABAP system.

So all you really have to do right now is find a way to pool those users. The creation with the default parameters is the easy part, since you already have that set up.

Regards,

Steffi.

Show replies
Show replies
Former Member
‎06-11-2014 11:36 AM
0 Kudos

Hi Steffi,

All my users are already in IdM with some privileges (PRIV:X.Y.Z)  according to rules engine but still not created in ABAP system (DEV).

So here is what I have:

Test privilege:

PRIV:X.Y.Z

PRIV:DEV:ONLY

SU01 paremters created as constants in the repository system (ABAP DEV)

A task CreateABAPUser with "To Custom" pass as explained in

Questio1: Should I copy the Job CreateABAPUser or only copy the "To Custom" pass ?

Question2: What should be done first:

A- Assign privilges (PRIV:DEV:ONLY)

B- CreateABAPUser

or

B- and A- after ?

many thanks,

Mia

Former Member
‎06-11-2014 11:49 AM
0 Kudos

Hello Mia,

It should be A followed by B.

Assign PRIV:DEV:ONLY -- which triggers the provisioning of users to your DEV system.

Then set the User parametes of SU01 using the job B (I hope this is not from the framework)

If the SU01 parameters are common for all the users, you can change your provisioning job to contain these parameters so that during user provisioning itself the parameters are set.

Steffi, pls correct if I am wrong.

Thanks,

Krishna

Steffi_Warnecke
Active Contributor
‎06-11-2014 12:25 PM
0 Kudos

Hello Mia,

you don't need part B, since this will automatically be triggered through part A. If you assign the system-privilege to a user in IdM, the IdM will create an account in that system for that user.

And since you have already all users in IdM and the default parameters set up in your constants, it should just be a matter of creating a job where you assign the PRIV:DEV:ONLY-privilege to a number of users.

Just test it with one user and if that went okay, put a SQL-statement in the Source-tab of the job, that looks for all the users you want the new system-account created for (e.g. every identity, that has a certain value in a certain field) and the IdM provisioning should do the rest for you.

The most important part (so I repeat it^^): Just test it with one user.

Regards,

Steffi.

Answers (4)

Answers (4)

Former Member
‎06-12-2014 9:24 AM
0 Kudos

Hi Steffi, Krishna, Mohamed,

I added the PRIV:DEV:ONLY to the existing user in IdM and automatically the user was created in DEV ABAP system with all the SU01 parameters as descrited. So I will make an SQL statement for my users to do the same as Source.

Thanks to you all,

Mia

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎06-12-2014 9:34 AM
0 Kudos

You're welcome! Have fun creating the SQL-statement. ^^

Regards,

Steffi.

Former Member
‎06-10-2014 4:41 AM
0 Kudos

Hello Mia,

You can try the below approach.

Stage 1:

1. Create a Job in a folder. Say the folder name "Mass Administration"

2. Create a job Mass user creation, which reads information from CSV and creates the users initailly in       IDM. While user creation set all the required parameters  of SU01 in IDM.

Stage 2:

1. In the same folder " Mass Administration", Create a new job "Mass Privilege/Role assignments". This should read information of assignments for the users from a CSV and do assignment of the privileges in IDM, which will get provisioned to the target system.

You can also have a screen in IDM UI for this where you can upload the file there and submit, so that the users will be created, followed by privilege / business role assignments.

~ Krishna.

Show replies
Show replies
Former Member
‎06-09-2014 6:24 PM
0 Kudos

Hi Mia,

     You can do that in a 2 simpler ways.

1) Directly try adding MASTER PRIVILEGES to those Ids.Which will inturn create the IDs for you if you already have provision set up ( If you choose to go this way, let me know so that I can elaborate on this)

2) If you do not have provisioning set up in the system and want to create Users directly in ABAP system then it can be done in the following way.

All you need to do it get the SU01 data of all the users in a temporary Table ( To add the SU01 data of all the users into the table you may use MS Excel,which will ease the process - If this isn't clear, please ask).

The sample structure of the Table may look something like this

Create Table TempTableUserCreation(LoginID VARCHAR(10),FirstName VARCHAR(10),LastName VARCHAR(10),Email VARCHAR(20))

You may add other attributes also - I have considered only 4 attributes here for example.

     Now you have all the data in the Temporary Table TempTableUserCreation. Now create a ToCustom Pass the source of which will simply be "SELECT * FROMTempTableUserCreation" and destination will be something of this sort.

This should do the Job for you. Do not forget to chose the Repository in the Job which has the above pass.

Thanks and Regards,

Mohamed Fazil

Show replies
Show replies
shah_viraj
Active Participant
‎06-06-2014 1:51 PM
0 Kudos

Hi Mia,

You may use Transaction SU10.

Show replies
Show replies
Former Member
‎06-06-2014 3:39 PM
0 Kudos

Hi Viraj,

We need to assign these users privileges and BR so we have to do that through IDM 7.2.

Mia

Ask a Question