Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.2 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP objects Removing a Central User Administration Troubleshooting an SAP R/3 connection Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Assigning account definitions to identities

Account definitions are assigned to company identities.

Indirect assignment is the default method for assigning account definitions to identities. Account definitions are assigned to departments, cost centers, locations, or roles. The identities are categorized into these departments, cost centers, locations, or roles depending on their function in the company and thus obtain their account definitions. To react quickly to special requests, you can assign individual account definitions directly to identities.

You can automatically assign special account definitions to all company identities. It is possible to assign account definitions to the IT Shop as requestable products. Department managers can then request user accounts from the Web Portal for their staff. It is also possible to add account definitions to system roles. These system roles can be assigned to identities through hierarchical roles or added directly to the IT Shop as products.

In the One Identity Manager default installation, the processes are checked at the start to see if the identity already has a user account in the target system that has an account definition. If no user account exists, a new user account is created with the account definition’s default manage level.

NOTE: If a user account already exists and is disabled, then it is re-enabled. In this case, you must change the user account manage level afterward.

NOTE: As long as an account definition for an identity is valid, the identity retains the user account that was created by it. If the account definition assignment is removed, the user account that was created from this account definition, is deleted. User accounts marked as Outstanding are only deleted if the QER | Person | User | DeleteOptions | DeleteOutstanding configuration parameter is set.

Prerequisites for indirect assignment of account definitions to identities

  • Assignment of identities and account definitions is permitted for role classes (departments, cost centers, locations, or business roles).

ClosedAllow assignments to role classes of departments, cost centers, locations, or roles

For more information about preparing role classes to be assigned, see the One Identity Manager Identity Management Base Module Administration Guide.

Detailed information about this topic

Assigning account definitions to departments, cost centers, and locations

Assign account definitions to departments, cost centers, and locations in order to assign identities to them through these organizations.

To add account definitions to hierarchical roles

  1. In the Manager, select the SAP R/3 > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

Assigning account definitions to business roles

NOTE: This function is only available if the Business Roles Module is installed.

You can assign account definitions to business roles in order to assign them to identities through business roles.

To add account definitions to hierarchical roles

  1. In the Manager, select the SAP R/3 > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

Assigning account definitions to all identities

Use this task to assign the account definition to all internal identities. Identities that are marked as external do not obtain this account definition. Once a new internal identity is created, they automatically obtain this account definition. The assignment is calculated by the DBQueue Processor.

IMPORTANT: Only run this task if you can ensure that all current internal identities in the database and all pending newly added internal identities obtain a user account in this target system.

To assign an account definition to all identities

  1. In the Manager, select the SAP R/3 > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Change main data task.

  4. Select the Disable automatic assignment to identities task.

  5. Confirm the security prompt with Yes.

  6. Save the changes.

NOTE: To automatically remove the account definition assignment from all identities, run the Disable automatic assignment to identities task. The account definition cannot be reassigned to identities from this point on. Existing assignments remain intact.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione