
Delete SAP-Role using SAP IDM

Former Member
0 Kudos

Hi experts,

We have a current topic regarding the use of SAP IDM to delete SAP-Roles.

Current situation:

At the moment we use recon jobs from ABAP and Active Directory to get new objects and relations to SAP IDM. What could happen is that an administrator deletes an SAP-Role in ABAP or a Group in Active Directory. In SAP IDM nothing happens because there is no new object and no new relations.

What we want to do:

We want to handle that topic using IDM. For example a UI-Task "Delete privilege in the target system".

Problem:

There is no Plugin-Task for deleting an SAP-Role (what I expected, that there is something like an ACCOUNT_ATTRIBUTE for an "MX_PRIVILEGE" object, referring to the repository) and when I remove it the privilege is removed in the target system but not in SAP IDM. I cannot find anything like that. One solution is to do it also in the recon-jobs to identify the missing objects and react to it, but we want to deactivate the recon jobs in the future.

Any ideas? THX

Matthias

Accepted Solutions (0)

Answers (1)


Steffi_Warnecke
Active Contributor
0 Kudos

Hello Matthias,

We use the delta handling of the job that reads new SAP roles into IDM to delete SAP roles in IDM that are no longer present in the ABAP backend.

We don't have a task/UI mask, though, to trigger that actively. Role management happens directly in the backend. We only do user-role management through IDM.

Regards,

Steffi.

Former Member
0 Kudos

Hello Steffi,

That's a good idea!

Thank you
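
The delta approach described in the answer above, sketched as an added example (not code from the thread and not SAP IDM's own job logic): compare the previous and current role reads from one repository, refuse to delete when the read looks incomplete, and list the users who still hold a role that is about to disappear. Role names, user names, the function names and the 20% threshold are constructed assumptions.

```python
from dataclasses import dataclass


class DeltaAborted(Exception):
    """Raised when a read looks incomplete and deleting would be unsafe."""


@dataclass
class DeltaResult:
    to_create: set       # roles new in the backend, missing in the identity store
    to_delete: set       # roles gone from the backend, still in the identity store
    affected_users: dict  # deleted role -> sorted users still assigned to it


def role_delta(previous, current, assignments, max_delete_ratio=0.2):
    """Compare two reads of role names from a single repository.

    previous / current: sets of role names from the last and the current read.
    assignments: dict of user -> set of role names held in the identity store.
    """
    # An empty read usually means a failed connection, not a mass deletion.
    if previous and not current:
        raise DeltaAborted("current read returned no roles; refusing to delete")
    to_delete = previous - current
    to_create = current - previous
    # Guard against a partial read wiping a large share of the privileges.
    if previous and len(to_delete) / len(previous) > max_delete_ratio:
        raise DeltaAborted(
            f"{len(to_delete)} of {len(previous)} roles missing; check the read"
        )
    # Assignments that would dangle once the role object is removed.
    affected = {
        role: sorted(u for u, held in assignments.items() if role in held)
        for role in sorted(to_delete)
    }
    return DeltaResult(to_create, to_delete, affected)


# Constructed sample data: one role deleted in the backend, one role added.
PREVIOUS = {"Z_FI_AP_CLERK", "Z_FI_GL_VIEW", "Z_HR_ADMIN",
            "Z_MM_BUYER", "Z_SD_SALES", "Z_BASIS_OPS"}
CURRENT = (PREVIOUS - {"Z_FI_AP_CLERK"}) | {"Z_FI_AR_CLERK"}
ASSIGNMENTS = {"ADAMS": {"Z_FI_AP_CLERK", "Z_FI_GL_VIEW"},
               "BROWN": {"Z_FI_AP_CLERK"},
               "CLARK": {"Z_HR_ADMIN"}}

if __name__ == "__main__":
    result = role_delta(PREVIOUS, CURRENT, ASSIGNMENTS)
    print("delete:", result.to_delete)
    print("create:", result.to_create)
    print("users to clean up first:", result.affected_users)
```

The `affected_users` list is what makes the deletion auditable: those assignments should be removed and logged before the role object itself is dropped from the identity store.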