• How does SAP Identity Manager generate reports? Access to each resource? Work out the ID-Center Database? If the latter: This would not be SOX compliant, is it?

-> The reports are generated inside of the Identity Center. The connected target systemes are not touched during creation of reports. The reports are the basis for SOX comliance, however you may need additional reports generated in the target systems to prove, that the local data matches the centrally stored data.

• Which reports are possible? Is there a set of predefined reports?

-> There are tree types of reports:

1. Reports showing actual data

There are predefined templates for identities, line managers, roles and privileges.

2. Reports showing historical data

A complete audit trail about events, requests, approvals, provisioning tasks and changed data is available to produce reports about historical data.

3. Reports documenting the system configuration.

• Suppose, you trigger an access log audit report on resource A. I assume, the web-application for managing the report generation is not persistent, right? Is there a schedule configuration interface for offline report generation planning?

-> You can request reports online as well as producing reports offline. The dispatcher configuration enables scalability.

• What about IdM-related tasks, where users have access to different repositories (think on some complicated provisioning tasks). Action logging is done where? At the repository or in Identity Center. How and where are reports to these tasks generated?

-> Action logging takes place in the Idenitity Center (of course target systems like ABAP systems create change records, too, which shows that the Identity Center had initiated the change.)

Kind regards

Frank Buchholz

SAP NetWeaver Identity Management