- SAP Managed Tags:
Ariba Security User Management
Introduction
Scope
- Ariba user management
- User creation using UI process
- User creation using the CSV export/Import
- Ariba groups for Contracts and Auctions
Who needs a user account?
Anyone who will:
- Log into Ariba Upstream applications in a Suite Integrated Realm
- Log into Ariba Downstream to Create or approve transactions in P2P
Ariba Landscape Strategy – All ERPs
Ariba User creation
- Ariba user can by created by UI or CSV import using the data load
- All the users has to be created both in Parent and Child Realms
- Only Administrators or User admin can create users in the Ariba system
- Permissions or access to perform system functions, are granted via user group assignments
- Current preferred option for client is do the user creation with CSV import
Customer Administrator
- Most powerful group in the system
- Special group with system administration permissions, including data import/export
- Each customer should designate a small number of well-trained users to fill this role
- Customer Administrator is able to see all transactional data in the system
Customer User Admin
- Manages Users and Groups
- Generates Passwords
- Manages profile requests
- Manage Delegations on behalf of other users
Ariba System Details
- Ariba Test system link
- Ariba Production system link
Ariba User creation with UI
Step1: Login to Ariba.
Step2: click Manage >> Core- Administrator (Child)
Step3: User Manager >> User
- In the UI the “Defined By” field shows:
“AribaManaged” if created directly in UI.
“External” if created by data load via CSV file.
- Always create the user as external so that the user can be maintained by UI or with CSV in future
Step4: Click on “Create User” button and fill out all required info.
- User Id, Name, Email Id and Supervisor are required fields.
- Now we need to repeat the previous steps in the Parent realm aswell
Step5: Click “Site” >> “XXXXXXX-T” ( notice earlier site was showing “XXXXX Child-T” is changed to “XXXXXXX-T”, it means now you are navigated to Parent realm, this option is only available for system Admins who does the user and catalog data into the system)
- System will link the child user ID with parent User ID.
- Note: thru UI user creation we first create the user in child and then in parent, incase of csv file we first load it in parent and wait 15 (to replicate the user in child ) and load it in child
- The Groups need to be assigned to the user only in Parent realm with the following steps as part of the user creation
Step6: Click on “Groups” tab and select the required roles
Step7: Click on “Invitation” tab and select the checkbox for generating the password and send the login details to user.
Ariba User creation with CSV
- Step1: click Manage >> Core- Administrator (Parent)
- Step2: Integration Manager >> Data Export/Import and search for respective load events
- Step3: Fill in the User consolidated file with the required fields and upload the file for option Import User Data (Consolidated File)
- Step4: Fill in the Group consolidated file with the required fields and upload the file with option Import User to Group Mapping Data (Consolidated File)
Ariba SSO Architecture
System Groups vs Custom groups
System groups (also called “Default” or “Out-of-the-box groups”
- Preloaded in the Ariba solution with a hard-coded set of permissions/restrictions
- Impossible to modify or add/remove permissions
How are Custom Groups used?
- Based on specific customer requirements
- Have no rights per se, no permissions are associated with custom groups.
- Must be mapped to one or multiple system groups, in order to inherit a custom set of permissions
- Utilized for: approval routing; occasionally for customization purposes (validations, field visibility, etc.)
- Can be used for Catalog Views, even without mapping to system groups
- It’s possible to map custom groups to other custom groups
Upstream Roles
3 Comments
