cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Identity Management at Customer Site

Former Member

on ‎05-28-2015 11:20 AM

0 Kudos

Hi,

  We have a requirement to collect all the user names available in the customer site. I could understand that CUA is for ABAP systems and IDM is for both ABAP and non-ABAP systems.

In the thread: , it has been clearly mentioned to pull the users from IDM 7.1.

Question:

1. How do we make out is that the customer has installed IDM at his place or not ?  Is there any ABAP/HANA API to check this?

2. Above mentioned thread is for pulling the users from IDM 7.1. What about the other versions of IDM? Is there any general query that can be applied to all the versions of IDM?

Thanks

Gayathri

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎05-30-2015 4:17 PM
0 Kudos

Hi Gayatri

If customer has single authentic source for maintaining user information (ex. IDM , hr system or active directory) then required user data can be pulled from that system to  determine all active users in the organisation to develop chat application you mentioned.

I believe user would atleast have hr system (SAP HCM, people soft , success factor etc.) which can be used as authentic source of system to determine user information.

As to develop chat application you would not need to have users authorization data so IDM may not be required.

Let me know if you have further questions.

Regards,

Pradeep

Show replies
Show replies
Ckumar
Contributor
‎05-29-2015 1:03 PM
0 Kudos

Hi Gayathri,

To retrieve the Users and corresponding assigned roles, you can also use the below query in 7.2

Select A.mskey, A.mcvalue as Userid, B.mcvalue as AssignedRoles from idmv_vallink_basic_active A, idmv_vallink_basic_active B

where A.mcattrname='MSKEYVALUE' and B.mcattrname='MXREF_MX_ROLE' and A.mskey=B.mskey

Regards,

C Kumar

Show replies
Show replies
former_member2987
Active Contributor
‎05-28-2015 2:20 PM
0 Kudos

Hi Gayathri,

To answer your questions:

1. IDM is not integrated to that level with HANA or Solman.  A BASIS person could check to see if the IDM Java apps are in NetWeaver, but I can't think of any other way.

2. The database schemas for 7.1 and 7.2 are different so there is no one query that works for both. If you are dealing with 7.2, I would suggest a query like:

select MSKEY, AttrName,SearchValue from idmv_value_ext_active where IS_ID=1 and  mskey in (select mskey from idmv_value_ext_active where AttrName='MX_ENTRYTYPE' and SearchValue='MX_PERSON')

This assumes that the Productive Identity Store (as opposed to one being used by the HCM integration) is 1.

I'd suggest taking a look at some of the architecture and install documentation to get a better idea of what you would specifically need for the version of IDM you are encountering or plan to implement.

Good luck!

Matt

Show replies
Show replies
Former Member
‎05-28-2015 5:45 PM
0 Kudos

Hi Matt,

  Thanks for the fast reply.  We are planning to build a chat application in UI5, wherein we are trying

to pull the users from different ABAP systems + active directory + non-ABAP systems. As far as I understand from your reply , I see that this is not possible if the customer does not have IDM. Is that you see any other option here ( other than having a FM : BAPI_USER_GETLIST to get the list of users in ABAP system + having a javascript to fetch the users from AD ).

Thanks

Gayathri

former_member2987
Active Contributor
‎05-28-2015 9:22 PM
0 Kudos

Hi Gayarti,

Yes, you will need some sort of means of having identity information.  IDM is the best way to bring this all together in a SAP Enterprise configuration.  CUA, GRC, and UME would be other possibilities, but all don't scale in one way or another.

Thanks,

Matt

PS - If my previous answer was correct, please mark it so that others can benefit as well

Ask a Question