cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP IDM und SAP BPC

Former Member

on ‎03-16-2016 8:22 AM

0 Kudos

Hi all,

at my customer we're facing the SAP BPC (Business Planning & Consolidation) for a connection to SAP IDM.

Unfortunately, there is no standard connector directly for BPC, and we cannot use the ABAP connector, as BPC is writing some entries to special tables when changing any user rights in addition to some normal ABAP roles.

Is there anybody who has experiences with connecting SAP BPC to SAP IDM?

Thanks for your help!

Achim Heinekamp

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

clotilde_martinez
Participant
‎03-24-2016 2:00 PM
0 Kudos

Hi Achim,

We integrated twice a BPC system to SAP IDM.

We did it two different ways :

- for one, we just modified the standard ABAP connector to integrate the delta handling (following this blog : )

- for the other, we did the delta and a reconciliation every few hours to write back all assignments given directly in BPC into IDM.

From what i understood about BPC, a kind of "profile" is generated in the su01 everytime we give a role in the java part so IDM has no way of knowing what it is, that's why we needed to reconciliate.

Regards,

Clotilde

Show replies
Show replies
youssef_anegay3
Explorer
‎03-23-2016 4:44 PM
0 Kudos

hello Achim

We have an BPC  on HANA connected to our IdM 7.2 system. Basically, we handle the creation of users and the attribution of the necessary roles to show up in the environment shell via IdM. But then, our BPC security team handles the BPC roles through the BPC environment shell.

In order to have the generated roles in IdM synchronized in IdM, i run an automatic initial load 4 times a day... haven't found a better solution yet unfortunately

BR

Y.

Show replies
Show replies
Former Member
‎03-16-2016 10:10 AM
0 Kudos

Hi Jai,

thanks for your answer and the link. as far as I know, BPC writes down some information into some special tables (Tables with "UJ" as a prefix) to fulfill the customers requirements to regulate the access rights in more details then only using ABAP-Roles.

Please have a at this link:

Assign SAP BPC Authorizations via SAP GRC AC

I'll check both documents and may be I find a proper solution for this.

Kind regards,

Achim Heinekamp

Show replies
Show replies
jaisuryan
Active Contributor
‎03-22-2016 3:15 AM
0 Kudos

Hi Achim,

The document you provided describes how SAP BPC Security concepts are handled. Once security team creates the role in BPC, their corresponding back end roles are available in BW system.

After that run the BW repository update load job to read new BPC (available in BW system) roles into IDM.

Then if you assign the BPC (BW) privilege to any user in IDM, it will use existing ABAP connector to assign the role in BW system which in turn grants access to BPC system.

Kind regards,

Jai

jaisuryan
Active Contributor
‎03-16-2016 8:51 AM
0 Kudos

Hi Achim,

I have never connected SAP IDM with SAP BPC directly. But in all my projects, SAP BPC accesses are mapped to SAP BW roles and we provision to SAP BW via IDM using standard ABAP connector.

Please check with respective team if they are planning for any integration of that sort.

Edit:

I just skimmed thru google to read about BPC. Seems like it's an add-on on BW server and uses same security concepts as any ABAP server. Any roles you create via frontend is automatically created in backend BW system with a standard naming convention. So creating users and assigning roles in BW system should grant access to BPC components. Please let us know what exactly you are looking for?

Security guide for BPC

Kind regards,

Jai

Message was edited by: Jai Suryan

Show replies
Show replies
Ask a Question