サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.2.1 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP objects Removing a Central User Administration Troubleshooting an SAP R/3 connection Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

SAP systems

NOTE: The Synchronization Editor sets up the SAP systems in the One Identity Manager database.

To edit an SAP system's main data

  1. Select the SAP R/3 > Systems category.
  2. Select an SAP system in the result list and run the Change main data task.
  3. Edit the system's main data.
  4. Save the changes.
Table 35: Main data for an SAP system
Property Description
Display name The SAP system's display name.
System number The SAP system number.
System measurement enabled Specifies whether system measurement for this system is carried out. One Identity Manager provides the measurement data but the actual system measurement takes place in the SAP R/3 environment.
Related topics

SAP clients

NOTE: The Synchronization Editor sets up the clients in the One Identity Manager database.

To edit client main data

  1. Select the SAP R/3 > Clients category.
  2. Select the client in the result list. Select the Change main data task.
  3. Edit the client's main data.
  4. Save the changes.

General main data of SAP clients

Enter the following general main data on the General tab.

Table 36: General main data of a client

Property

Description

Client no.

Number of the client.

Name

Client's name.

System

System to which the client belongs.

Canonical name

Client's canonical name.

Company

Company for which the client is set up. The company given here is used when a new user account is set up.

City

City where company resides.

Has user administration

Specifies whether the client is used for user administration.

If this option is set, the most significant license of the user account is used for system measurement.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of identities to user accounts is used for this client and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the identity (Linked) if no account definition is given. This is the case on initial synchronization, for example.

NOTE: If the CUAClosed status Child is assigned, no account definition should be assigned.

Target system managers

Application role, in which target system managers are specified for the client. Target system managers only edit the objects from clients to which they are assigned. A different target system manager can be assigned to each client.

Select the One Identity Manager application role whose members are responsible for administration of this client. Use the button to add a new application role.

Synchronized by

NOTE: You can only specify the synchronization type when adding a new client. No changes can be made after saving.

If you create a client with the Synchronization Editor, One Identity Manager is used.

Type of synchronization through which data is synchronized between the client and One Identity Manager. Once objects are available for this client in One Identity Manager, the type of synchronization can no longer be changed.

If you create a client with the Synchronization Editor, One Identity Manager is used.

Table 37: Permitted values
Value Synchronization by Provisioned by
One Identity Manager SAP R/3 connector SAP R/3 connector
No synchronization none none
NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.

ALE name

Name used to map the client as logical system in the SAP distribution model.

ALE model name

Name of the SAP distribution model that maps the relation between the logical systems of the central user administration. SAP roles and profiles of all child systems with the same ALE model name as the central system, are synchronized when the central system is synchronized.

CUA status

Client usage when the central user administration is in use. Possible values are Central and Child.

The value None indicates that the client is not being used in a central user administration.

CUA central system

Central system to which the client belongs. Assign the relevant system for clients with the CUA status Child.

Description

Text field for additional explanation.
Related topics

Specifying categories for inheriting SAP groups, SAP roles, and SAP profiles

NOTE: In order to easy understanding the behavior is described with respect to SAP groups in this section. It applies in the same way to roles and profiles.

In One Identity Manager, user accounts can selectively inherit groups. To do this, groups and user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The mapping rule contains different tables. Use the user account table to specify categories for target system dependent user accounts. Each table contains the category positions position 1 to position 63.

NOTE: If central user administration is implemented, define the categories in the central system as well as in the child system. The same categories must be defined in the child system as in the central system so that groups from a child system can be inherited by user accounts.

To define a category

  1. In the Manager, select the client in the SAP R/3 > Clients category.

  2. Select the Change main data task.

  3. Switch to the Mapping rule category tab.

  4. Extend the relevant roots of a table.

  5. To enable the category, double-click .

  6. Enter a category name of your choice for user accounts and groups in the login language that you use.

  7. Save the changes.
Detailed information about this topic
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択