Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 Environments Setting up SAP R/3 Synchronization Base Data for Managing SAP R/3 SAP Systems SAP Clients SAP User Accounts SAP Groups, SAP Roles and SAP Profiles SAP Products Providing System Measurement Data Reports about SAP Systems Appendix: Configuration Parameters for Managing an SAP R/3 Environment Appendix: Default Project Templates for Synchronizing an SAP R/3 Environment Appendix: Referenced SAP R/3 Tables and BAPI Calls Appendix: Example of a Schema Extension File

Target system managers

Target System Managers

For more detailed information about implementing and editing application roles, see the One Identity Manager Application Roles Administration Guide.

Implementing Application Roles for Target System Managers
  1. The One Identity Manager administrator assigns employees to be target system managers.
  2. These target system managers add employees to the default application role for target system managers.

    The default application role target system managers are entitled to edit all clients in One Identity Manager.

  3. Target system managers can authorize more employees as target system managers, within their scope of responsibilities and create other child application roles and assign individual clients.
Table 41: Default Application Roles for Target System Managers
User Task

Target SystemClosed Managers

 

Target system managers must be assigned to the application role Target systems | SAP R/3 or a sub application role.

Users with this application role:

  • Assume administrative tasks for the target system.
  • Create, change or delete target system objects, like user accounts or groups.
  • Edit password policies for the target system.
  • Prepare system entitlements for adding to the IT Shop.
  • Configure synchronization in the Synchronization EditorClosed and defines the mapping for comparing target systems and One Identity Manager.
  • Edit the synchronization's target system types and outstanding objects.
  • Authorize other employees within their area of responsibility as target system managers and create child application roles if required.

To initially specify employees to be target system administrators

  1. Log in to the Manager as One Identity Manager administrator (application role Base role | Administrators)
  2. Select the category One Identity Manager Administration | Target systems | Administrators.
  3. Select Assign employees in the task view.
  4. Assign the employee you want and save the changes.

To add the first employees to the default application as target system managers.

  1. Log yourself into the Manager as target system administrator (application role Target systems | Administrator).
  2. Select the category One Identity Manager Administration | Target systems | SAP R/3.
  3. Select Assign employees in the task view.
  4. Assign the employees you want and save the changes.

To authorize other employees as target system managers when you are a target system manager

  1. Login to the Manager as target system manager.
  2. Select the application role in the category SAP R/3 | Basic configuration data | Target system managers.
  3. Select Assign employees in the task view.
  4. Assign the employees you want and save the changes.

To define target system managers for individual clients.

  1. Login to the Manager as target system manager.
  2. Select the category SAP R/3 | Clients.
  3. Select the client from the result list.
  4. Select Change master data in the task view.
  5. Select the application role on the General tab in the Target system manager menu.

    - OR -

    Click next to the Target system manager menu to create a new application role.

    • Enter the application role name and assign the parent application role Target system | SAP R/3.
    • Click OK to add the new application role.
  6. Save the changes.
  7. Assign the application role to employees, who are authorized to edit the client in One Identity Manager.
Related Topics

SAP Systems

SAP Systems

Note: The Synchronization EditorClosed sets up SAP systems in the One Identity Manager database.

To edit an SAP system's master data

  1. Select the category SAP R/3 | Systems.
  2. Select an SAP system in the result list and run the task Change master data.
  3. Edit the system's master data.
  4. Save the changes.
Table 42: Master Data for an SAP System
Property Description
Display name The SAP system's display name.
System number The SAP system number.
System measurement enabled Specifies whether system measurement for this system is carried out. One Identity Manager provides the measurement data but the actual system measurement takes place in the SAP R/3 environment.
Related Topics

SAP Clients

SAP Clients

Note: One Identity Manager sets up the clients in the Synchronization EditorClosed database.

To edit client master data

  1. Select the category SAP R/3 | Clients.
  2. Select the client from the result list. Select Change master data in the task view.
  3. Edit the client's master data.
  4. Save the changes.

General Master Data for a SAP Client

General Master Data for an SAP Client

Enter the following general data on the General tab.

Table 43: General Master Data for a Client
Property Description
Client no. Number of the client.
Name Client's name.
System System to which the client belongs.
Canonical name Client's canonical name.
Company Company for which the client is set up. The company given here is used when a new user account is set up.
City City where company resides.
Has user administration Specifies whether the client is used for user administration.
Account definition (initial)

Initial account definition for creating user accounts. These account definitions are used if automatic assignment of employees to user account is used for this domain resulting in administered user accounts (state "Linked configured"). The account definition's default manage level is applied.

User accounts are only linked to the employee (state "Linked") if no account definition is given. This is the case on initial synchronization, for example.

NOTE: The account definition can only be assigned if no CUAClosed status is entered or CUA status "central system" is assigned.
Target system managers Application role in which target system managers are specified for the client. Target system managers only edit client objects that are assigned to them. Each client can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this client. Use the button to add a new application role.

Synchronized by

NOTE: You can only specify the synchronization type when adding a new client. No changes can be made after saving.

Use "One Identity Manager" when you create a client with the Synchronization EditorClosed.

Specify how the data will be synchronized between the target system and the One Identity Manager. Choose between "One Identity Manager", "FIM" and "No synchronization".

Table 44: Permitted Values
Value SynchronizationClosed by Provisioned by
One Identity Manager SAP R/3 connector SAP R/3 connector
No synchronization none none

NOTE: If you select "No synchronization" you can define custom processes to exchange data between One Identity Manager and the target system.
ALE name Name used to map the client as logical system in the SAP distribution model.
ALE model name Name of the SAP distribution model that maps the relation between the logical systems of the central user administration. SAP roles and profiles of all child systems with the same ALE model name as the central system, are synchronized when the central system is synchronized.
CUA status Labels client usage when CUA is enabled. Possible values are "Central", "Child" and "None". If Central User Administration is not enabled, do not enter a value.
CUA central system Central system to which the client belongs. Assign the valid central system to clients with CUA status "Child".
Description Spare text box for additional explanation.
Related Topics
Related Documents