Chat now with support
Chat with Support

Identity Manager 8.1.5 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP systems Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

User account types

The user account types are available in One Identity Manager by default. SAP R/3 recognizes the user account types listed below.

Table 30: User account types
User account type Meaning
Dialog (A) Dialog user in a system.
System (B) Background processing within a system.
Communication (C) Communication between systems without a dialog.
Service (S) Common user account for anonymous system access, for example.

User account of this type should have heavily restricted access permissions.

Reference (L) Common user account for additional granting of permissions.

The default user account type for new user accounts is specified in "TargetSystem | SAPR3 | UserDefaults | Ustyp".

To modify the default user account type

  • In the Designer, edit the value of "TargetSystem | SAPR3 | UserDefaults | Ustyp".

External identifier types

External authentication methods for logging in to a system can be used in SAP R/3. One Identity Manager supplies the following types as user identifiers to find the login data necessary for different authentication mechanisms for external systems on an SAP system:

Table 31: External identifier types
Type Description
DN Distinguished Name for X.509.
NT Windows NTLM or password verification with the Windows domain controller.
LD LDAP bind <user-defined> (For other external authentication mechanisms).
SA SAML Token.

To specify a default type for external identifiers

  • In the Designer, set the "TargetSystem | SAPR3 | UserDefaults | ExtID_Type" configuration parameter and specify a value.

SAP parameters

Parameters can be loaded into the One Identity Manager database by synchronization and be either directly or indirectly assigned to user accounts. In the case of indirect assignment, employees and parameters are arranged in hierarchical roles. The number of parameters assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and that employee owns a user account, the parameter is assigned to the user account.

Prerequisites for assigning employees to user accounts are:

  • Assignment of employees and SAP parameters is permitted for role classes (departments, cost centers, locations, or business roles).
  • User accounts and parameters belong to the same SAP system.

A different parameter value can be specified for each hierarchical role that is assigned a parameter. Thus, the parameter values are also inherited by the user account. You can use membership in hierarchical roles to control which parameter values the parameter obtain from the user account.

Detailed information about this topic
Related topics

Displaying master data for SAP parameters

To display the properties of a parameter

  1. In the Manager, select the SAP R/3 | Parameters category.
  2. Select the parameter in the result list.
  3. Select the Change master data task.

To obtain an overview of a parameter

  1. In the Manager, select the SAP R/3 | Parameters category.
  2. Select the parameter in the result list.
  3. Select the Parameter overview task.

On the parameter’s overview form, you can click the assigned user account to open the user account’s master data form. You can adjust the values of the parameters that modify this assignment.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating