SAP IDM - How to handle SAP roles
I’m working on an IDM project and like many of you I had to solve the issue with SAP roles.
What were the issues in my case:
The first issue was easy to solve. My solution includes some java scripting, but simple cases can be handled with several tasks arranged in an ordered task group, or even with a single task. The idea is as follows:
To speed things up, I group SAP privileges by "operation" and get the pending values in the group script. This way I can handle all privileges per operation at once.
There are two ways to get the privileges currently attached to a person in IDM.
%{VALIDTO!!VALIDFROM!!MSKEYVALUE}MXREF_MX_PRIVILEGE%
This returns the VALIDTO, VALIDFROM, MSKEYVALUE and MSKEY of all privileges attached to a person. A different set of parameters is of course possible; for more information, please check the IDM help, which has a very good explanation.
The second issue looks hard to implement at first glance, but in the end my solution is as follows:
In conclusion, my scenario has two steps: first delete the old privileges, then add the new ones. In simple cases, however, these two steps can be merged into one. In that case the privileges are grouped not by "action" but by "application", and each pending value is analyzed: if it is for deletion, remove it from the list of already attached privileges; if it is for addition, add it to this list. At the end of the analysis, set the resulting list in SAP and that is it.
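The single-step merge described above, as an added example that is not code from the original post: plain JavaScript meant to run outside IDM. The function name, the object shapes for attached and pending values, and the sample application and role names are assumptions; parsing the output of the MXREF_MX_PRIVILEGE expression into these objects is left out.

```javascript
// Added example: names, object shapes and sample role names are assumptions.
// attached: [{ application, privilege }]             already on the person
// pending:  [{ application, privilege, operation }]  operation: "add" | "delete"
function mergePrivileges(attached, pending) {
  const byApp = new Map(); // application -> Set of privilege names

  const setFor = (app) => {
    if (!byApp.has(app)) byApp.set(app, new Set());
    return byApp.get(app);
  };

  // Start from what is already attached.
  for (const { application, privilege } of attached) {
    setFor(application).add(privilege);
  }

  // Apply each pending value in the order received.
  for (const { application, privilege, operation } of pending) {
    const current = setFor(application);
    if (operation === "delete") {
      current.delete(privilege); // no-op if it was never attached
    } else if (operation === "add") {
      current.add(privilege);    // no-op if already attached
    } else {
      // Refuse to guess: an unknown operation must not silently change access.
      throw new Error("Unknown operation: " + operation);
    }
  }

  // One sorted result list per application, ready to be set in the target system.
  const result = {};
  for (const [app, privs] of byApp) result[app] = [...privs].sort();
  return result;
}

// Constructed sample data (not from the original post).
const attached = [
  { application: "ERP_DEV", privilege: "Z_ROLE_DISPLAY" },
  { application: "ERP_DEV", privilege: "Z_ROLE_BUYER" },
  { application: "CRM_DEV", privilege: "Z_ROLE_SALES" },
];
const pending = [
  { application: "ERP_DEV", privilege: "Z_ROLE_BUYER", operation: "delete" },
  { application: "ERP_DEV", privilege: "Z_ROLE_APPROVER", operation: "add" },
  { application: "ERP_DEV", privilege: "Z_ROLE_DISPLAY", operation: "add" },
];
console.log(mergePrivileges(attached, pending));
```

Because the whole result list is written to the target system, the attached list should be read immediately before the merge; a stale list would silently drop or restore roles.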
I hope that everything is clear, but if it is not and you want help or you’ve got any remarks or additional questions, don’t hesitate to contact me.
Best Regards,
Ivan