Main data – SAP group (page description)
To open the Main data – SAP group page go to Responsibilities > Auditing > SAP R/3 > Show details > Main data.
On the Main data – SAP group page, you can see the SAP group's main data (see Displaying system entitlement main data).
Enter the following main data:
Table 781: SAP group main data
Name |
Shows you the full, descriptive name of the SAP group. |
Canonical name |
Shows you the automatically generated canonical name of the SAP group. |
Distinguished name |
Shows you the automatically generated distinguished name of the SAP group. |
Display name |
Shows you the name of the SAP group used to display SAP group in the One Identity Manager tools. |
Container |
Shows you the parent container of the SAP group. |
Service item |
Shows you the assigned service items. |
Category |
Shows you the category for SAP group inheritance.
User accounts can inherit SAP groups selectively. To do this, SAP groups and user accounts are divided into categories. |
Description |
Shows you the SAP group's description. |
Risk index |
Shows you the configured risk index.
This value specifies the risk of assigning this SAP group to a user account.
For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
IT shop |
Shows you whether the SAP group can be requested in the IT Shop. If set, the SAP group can be requested by identities using the Web Portal and granted through a defined approval process. The SAP group can still be assigned directly to identities and hierarchical roles.
For detailed information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
Only use in IT Shop |
Shows you whether the SAP group can only be requested through the IT Shop. If set, the SAP group can be requested by identities using the Web Portal and granted through a defined approval process. You cannot assign an SAP group to hierarchical roles directly. |
Memberships – SAP group (page description)
To open the Memberships – SAP group page go to Responsibilities > Auditing > SAP R/3 > Show details > Memberships.
On the Memberships - SAP group page, you can see identities to which the SAP group is assigned (see Displaying memberships in system entitlements).
The following table gives an overview of the different content on the Memberships – SAP group page.
Table 782: Columns
Identity |
Shows you the name of the identity to which the SAP group is assigned. |
Origin |
Shows whether the SAP group is assigned directly or indirectly to the employee. |
TIP: For each identity, you can see more useful information in the details pane. To do this, click the appropriate instance in the list. If the identity obtained the membership through a request, you will find more information on the following tabs on the Request tab:
-
Information: Displays general information about a request. The information displayed varies and is dependent on the service category from which the request was triggered.
-
Workflow: Displays the life cycle chronologically as from the time of request.
-
Compliance: Displays possible rule violations for this request.
-
Entitlements: Show which entitlement are assigned to the role (if a role was requested).
TIP: You can show less data by using the column filters. For more information, see Filtering.
Attestations – SAP group (page description)
To open the Attestation – SAP group page go to Responsibilities > Auditing > SAP R/3 > Show details > Attestation.
On the Attestation – SAP group page, you can:
The following tables give you an overview of the various features and content on the Attestation - SAP group page.
Table 785: Columns
Display name |
Shows the name of the object included in the attestation case. |
Attestation policy |
Shows the name of the attestation policy in use. |
State |
Shows the current status of the attestation case.
The following status' are possible:
-
Pending: The attestation case is not closed yet and must still be approved.
-
Approved: The attestation case was approved. In the details pane, on the Workflow tab, you can see why the attestation case was granted approval.
-
Denied: The attestation case was denied. In the details pane, on the Workflow tab, you can see why the attestation case was denied approval. |
New |
Shows whether the attestation case is new. New cases have not been granted approval yet but might have been denied approval before. |
Due date |
Shows by when the attestation case must be completed. |
Risk index |
Show the attestation case's risk index. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
History – SAP group (page description)
To open the History – SAP group page go to Responsibilities > Auditing > SAP R/3 > Show details > History.
On the History – SAP group page, you can see all the changes made to the SAP group (see System entitlement history).
NOTE: Which changes are shown depends on your system's configuration.
The information is divided out on to three tabs:
-
Events: Shows all the events, which affect a system entitlement, either on a timeline or in a table.
TIP: To navigate along the timeline, click in the pane and move the mouse left or right whilst holding down the left button.
To zoom in or out, turn the mouse wheel.
-
Status overview: Shows an overview of all assignments. It also shows how long each change was valid for. Use the status overview to track when changes were made and by whom. This way, you not only see the initial and current status but you also see all the steps in between.
-
Status comparison: You can select a date and display all the changes made from then until now. You can also show what the value of the property was at the selected point in time and what the value is now.
The following tables give you an overview of the different functions and content on the History – SAP R/3 page.
Table 787: Controls in the details pane of a change
Compare |
Opens the Status comparison tab.
Use this button to show all the changes that were made from the selected point in time until now. You can also show what the value of the property was at the selected point in time and what the value is now. |
Table 788: Columns
Events (table view) |
Change type |
Shows the type of change. |
Property |
Shows the name of the property that was changed. |
Display |
Shows the value that was changed. For example, the name of a department. |
Date |
Shows the date the change was made. |
User |
Shows the user that made the change. |
Status overview |
Display |
Shows the type of change. |
Property |
Shows the name of the property that was changed. |
Value |
Shows the value that was changed. For example, the name of a department. |
Run started |
Shows when the change was made. |
End |
Shows for how long the changed value applied or whether it is currently in use. |
Status comparison |
Modified |
Show whether the change took place or not. |
Change type |
Shows the type of change. |
Object type |
Show the type of object involved in the change. |
Property |
Show the name of the object that was changed. |
Historical value |
Shows the value before the change was made. |
Current value |
Shows the value that is currently in use. |
TIP: You can show less data by using the column filters. For more information, see Filtering.