Identity Manager 8.0 - Administration Guide for Connecting to SAP R/3

Deleting an Account Definition

You can delete account definitions if they are not assigned to target systems, employees, hierarchical roles or any other account definitions.

NOTE: If an account definition is deleted, the user accounts arising from this account definition are deleted.

To delete an account definition

  1. Remove automatic assignments of the account definition from all employees.
    1. Select the category SAP R/3 | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Change master data in the task view.
    4. Disable the option Automatic assignment to employees on the General tab.
    5. Save the changes.
  2. Remove direct assignments of the account definition to employees.
    1. Select the category SAP R/3 | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Assign to employees in the task view.
    4. Remove the employees in Remove assignments.
    5. Save the changes.
  3. Remove the account definition's assignments to departments, cost centers and locations.
    1. Select the category SAP R/3 | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Assign organizations.
    4. Remove the account definition's assignments to departments, cost centers and locations in Remove assignments.
    5. Save the changes.
  4. Remove the account definition's assignments to business roles.
    1. Select the category SAP R/3 | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Assign business roles in the task view.
    4. Remove the business roles in Remove assignments.
    5. Save the changes.
  5. If the account definition was requested through the IT Shop, it must be canceled and removed from all IT Shop shelves. For more detailed information, see the One Identity Manager IT Shop Administration Guide.
  6. Remove the account definition assignment as required account definition for another account definition. As long as the account definition is required for another account definition, it cannot be deleted. Check all the account definitions.
    1. Select the category SAP R/3 | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Select Change master data in the task view.
    4. Remove the account definition from the Required account definition menu.
    5. Save the changes.
  7. Remove the account definition's assignments to target systems.
    1. Select the client in the category SAP R/3 | Clients.
    2. Select Change master data in the task view.
    3. Remove the assigned account definitions on the General tab.
    4. Save the changes.
  8. Delete the account definition.
    1. Select the category SAP R/3 | Basic configuration data | Account definitions | Account definitions.

    2. Select an account definition in the result list.
    3. Click , to delete the account definition.

Basic Data for User Account Administration

The One Identity Manager supplies the following basic data for user administration, by default:

Other basic data is read from SAP R/3 during synchronization, if configured, and cannot be edited in One Identity Manager. This data can only be assigned to an SAP user account. These include:

Certain user account properties can be defined as default for all user accounts through the configuration settings. These include:

User Account Types

The user account types are available in One Identity Manager by default. SAP R/3 recognizes the user account types listed below.

Table 29: User Account Types

| User account type | Meaning |
|---|---|
| Dialog (A) | Dialog user in a system. |
| System (B) | Background processing within a system. |
| Communication (C) | Communication between systems without a dialog. |
| Service (S) | Common user account for anonymous system access, for example. User accounts of this type should have heavily restricted access permissions. |
| Reference (L) | Common user account for additional granting of permissions. |

The default user account type for new user accounts is specified in the configuration parameter "TargetSystem\SAPR3\UserDefaults\Ustyp".

To modify the default user account type

  • Edit the value of the configuration parameter "TargetSystem\SAPR3\UserDefaults\Ustyp" in the Designer.

External Identifier Types

SAP R/3 supports external authentication methods for logging on to a system. One Identity Manager supplies the following external identifier types, which are used to find the login data required by the different authentication mechanisms for external systems on an SAP system:

Table 30: External identifier types

| Type | Description |
|---|---|
| DN | Distinguished Name for X.509. |
| NT | Windows NTLM or password verification with the Windows domain controller. |
| LD | LDAP bind <user defined> (For other external authentication mechanisms). |
| SA | SAML Token. |

To specify a default type for external identifiers

  • Set the configuration parameter "TargetSystem\SAPR3\UserDefaults\ExtID_Type" in the Designer and specify a value.