Chat now with support
Chat with Support

Identity Manager 9.3 - Administration Guide for the SAP R/3 Compliance Add-on

SAP functions and identity audit Setting up a synchronization project for synchronizing SAP authorization objects Basics of the authorization check Setting up SAP functions Compliance rules for SAP functions Mitigating controls for SAP functions Configuration parameters for SAP functions Default project template for the SAP R/3 Compliance Add-on Module Referenced SAP R/3 tables and BAPI calls

Assigning function definitions to mitigating controls

Use this task to specify the function definitions for which a mitigating control is valid. You can only assign function definitions that are enabled on the assignment form.

To assign SAP function definitions to mitigating controls

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select the mitigating control in the result list.

  3. Select the Assign function definitions task.

    In the Add assignments pane, assign the function definitions.

    TIP: In the Remove assignments pane, you can remove function definitions assignments.

    To remove an assignment

    • Select the mitigating control and double-click .

  4. Save the changes.
Related topics

Calculating mitigating controls for SAP functions

The reduction in significance of a mitigating control supplies the value by which the risk index of an SAP function is reduced when the control is implemented. One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.

The reduced risk index is calculated from the SAP function and the significance reduced sum of all assigned mitigating controls.

Risk index (reduced) = Risk index - sum significance reductions

If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.

Related topics

Displaying mitigating controls overview for SAP functions

You can display the most important information about a mitigating control on the overview form.

To obtain an overview of a mitigating control

  1. In the Manager, select the Risk Index Functions category.

  2. Select the Mitigating controls category.

  3. Select the mitigating control in the result list.

  4. Select Mitigating control overview category.

Related topics

Configuration parameters for SAP functions

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 29: Configuration parameters for the module

Configuration parameter

Description

TargetSystem | SAPR3 | SAPRights

Preprocessor relevant configuration parameter for controlling component parts for testing authorizations in SAP R/3 using SAP functions. If the parameter is set, the components are available. Changes to the parameter require recompiling the database.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | SAPR3 | SAPRights | AbilityNamePattern

Pattern for creating new names for function arguments. All function arguments within a SAP function must have a unique name. This pattern is used when new names are created for function arguments. {0} is replaced by a number.

It is also possible to use formatting strings.

Example: {0:00} - This adds leading zeros to the numeric part of the generated name.

TargetSystem | SAPR3 | SAPRights | TestWithoutTCD

Checks SAP authorizations without taking SAP applications into account.

The configuration parameter will be deleted in a future version of One Identity Manager and can no longer be set in version 9.3.

The following configuration parameters are also required.

Table 30: Additional configuration parameters

Configuration parameter

Description

QER | CalculateRiskIndex

Preprocessor relevant configuration parameter controlling system components for calculating the risk index. Changes to the parameter require recompiling the database.

If the parameter is enabled, values for the risk index can be entered and calculated.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ComplianceCheck

Preprocessor relevant configuration parameter for controlling the database model components for checking the rule base. Changes to the parameter require recompiling the database. If the parameter is enabled, you can use the model components.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating