time dependencies in role assignments

Former Member · ‎12-06-2007

As the provisioning framework for SAP Systems delievered with the SAP NetWeaver Identity Manager doesn't support time dependencies in role assignments, I wonder if one could not emaluate similiar funcitionality within the Identity Center.

Would it be possible to create a multi value attrbute "Temporarily Assignment" in which one would enter the role names & validation fields of all temporarily assigned roles, and then create a scheduled job (running maybe once a day, at midnight) with a script reading these values of each user and then initiating deprovisioning tasks for each entry which has reached validation date?

Granted, this would be a lot of scripting to do and nobody should be allowed to temper with this attribute via UI. In addition, there will be some issues about adding or deleting <i>some</i> enries in the attribute and not always all, if you not intend to design the workflow in a way that only <i>one</i> date will be used for all roles.

But it should work, shouldn't it?

Frank_Buchholz · ‎12-07-2007

Well, currently the SAP Provisioning Framework does not support time dependant role assignments - at least not in the sense of time dependant role assignments in SAP ABAP systems.

There are several options, how to deal with time dependant role assignments in the Identity Center, however instead of creating some own tricky customer scripts, I suggest to wait until SAP delivers this functionality: This requirement has a high priority for SAP (but we do not publish a delivery date for that functionality yet).

Kind regards

Frank Buchholz

time dependencies in role assignments

Accepted Solutions (0)

Answers (1)

Answers (1)

Re: ABAP2XLSX in an old Abap version

SAP BUILD deployment to production

Re: Connection between SAP SAC and Datasphere

Clearance by virtual account of summary invoices

Re: SAP ADT installation issue