Converse agora com nosso suporte
Chat com o suporte

Identity Manager 9.1 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP objects Removing a Central User Administration Troubleshooting an SAP R/3 connection Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Assigning account definitions to employees

Account definitions are assigned to company employees.

Indirect assignment is the default method for assigning account definitions to employees. Account definitions are assigned to departments, cost centers, locations, or roles. The employees are categorized into these departments, cost centers, locations, or roles depending on their function in the company and thus obtain their account definitions. To react quickly to special requests, you can assign individual account definitions directly to employees.

You can automatically assign special account definitions to all company employees. It is possible to assign account definitions to the IT Shop as requestable products. Department managers can then request user accounts from the Web Portal for their staff. It is also possible to add account definitions to system roles. These system roles can be assigned to employees through hierarchical roles or added directly to the IT Shop as products.

In the One Identity Manager default installation, the processes are checked at the start to see if the employee already has a user account in the target system that has an account definition. If no user account exists, a new user account is created with the account definition’s default manage level.

NOTE: If a user account already exists and is disabled, then it is re-enabled. In this case, you must change the user account manage level afterward.

NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the account definition assignment is removed, the user account that was created from this account definition, is deleted.

Prerequisites for indirect assignment of account definitions to employees

  • Assignment of employees and account definitions is permitted for role classes (departments, cost centers, locations, or business roles).

ClosedAllow assignments to role classes of departments, cost centers, locations, or roles

For more information about preparing role classes to be assigned, see the One Identity Manager Identity Management Base Module Administration Guide.

Detailed information about this topic

Assigning account definitions to departments, cost centers, and locations

To add account definitions to hierarchical roles

  1. In the Manager, select the SAP R/3 > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

Assigning account definitions to business roles

NOTE: This function is only available if the Business Roles Module is installed.

To add account definitions to hierarchical roles

  1. In the Manager, select the SAP R/3 > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

Assigning account definitions to all employees

Use this task to assign the account definition to all internal employees. Employees that are marked as external do not obtain this account definition. Once a new internal employee is created, they automatically obtain this account definition. The assignment is calculated by the DBQueue Processor.

IMPORTANT: Only run this task if you can ensure that all current internal employees in the database and all pending newly added internal employees obtain a user account in this target system.

To assign an account definition to all employees

  1. In the Manager, select the SAP R/3 > Basic configuration data > Account definitions > Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Change main data task.

  4. Select the Disable automatic assignment to employees task.

  5. Confirm the security prompt with Yes.

  6. Save the changes.

NOTE: To automatically remove the account definition assignment from all employees, run the Disable automatic assignment to employees task. The account definition cannot be reassigned to employees from this point on. Existing assignments remain intact.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação