Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 Environments Setting up SAP R/3 Synchronization Base Data for Managing SAP R/3 SAP Systems SAP Clients SAP User Accounts SAP Groups, SAP Roles and SAP Profiles SAP Products Providing System Measurement Data Reports about SAP Systems Appendix: Configuration Parameters for Managing an SAP R/3 Environment Appendix: Default Project Templates for Synchronizing an SAP R/3 Environment Appendix: Referenced SAP R/3 Tables and BAPI Calls Appendix: Example of a Schema Extension File

Specifying Categories for Inheriting SAP Groups, SAP Roles and SAP Profiles

Specifying Categories for Inheriting SAP Groups, SAP Roles and SAP Profiles

NOTE: In order to easy understanding the behavior is described with respect to SAP groups in this section. It applies in the same way to roles and profiles.

In One Identity Manager, groups can be selectively inherited by user accounts. For this, groups and user accounts are divided into categories. The categories can be freely selected and are specified by a template. Each category is given a specific position within the template. The mapping rule contains different tables. Use the user account table to specify categories for target system dependent user accounts. Enter your categories for the structural profiles, administrative roles, subscriptions and disabled service plans in the . Each table contains the category items "Position1" to "Position31".

NOTE: If central user administration is implemented, define the categories in the central system as well as in the child system. The same categories must be defined in the child system as in the central system so that groups from a child system can be inherited by user accounts.

To define a category

  1. Select the category SAP R/3 | Clients.
  2. Select the client from the result list.
  3. Select Change master data in the task view.
  4. Switch to the MappingClosed rule category tab.
  5. Expand the respective base node of a table.
  6. Click to enable category.
  7. Enter a name for the user account and group categories in the current language.
  8. Save the changes.
Detailed information about this topic
  • Inheriting SAP Groups, SAP Roles and SAP Profiles based on Categories
  • One Identity Manager Target SystemClosed Base Module Administration Guide

How to Edit a Synchronization Project

How to Edit a Synchronization Project

SynchronizationClosed projects, in which a client is already used as a base object, can also be opened using the Manager. You can, for example, check the configuration or view the synchronization log in this mode. The Synchronization EditorClosed is not started with its full functionality. You cannot run certain functions, such as, running synchronization or simulation, starting the target system browser and others.

NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.

To open an existing synchronization project in the Synchronization Editor

  1. Select the category SAP R/3 | Clients.
  2. Select the client from the result list. Select Change master data in the task view.
  3. Select Edit synchronization project... from the task view.
Detailed information about this topic
  • One Identity Manager Target SystemClosed Synchronization Reference Guide
Related Topics

SAP User Accounts

SAP User Accounts

You can manage the users of a One Identity Manager environment with the SAP R/3. One Identity Manager concentrates on setting up and editing SAP user accounts. Groups, roles and profiles are mapped in SAP, in order to provide the necessary permissions for One Identity Manager user accounts. The necessary data for system measurement is also mapped. The system measurement data is available in One Identity Manager, but the measurement itself takes place in the SAP R/3 environment.

If user accounts are managed through the central user administration (CUAClosed) in SAP R/3, access to the child client can be guaranteed to or withdrawn from user accounts in One Identity Manager.

Detailed information about this topic

Linking User Accounts to Employees

The central component of the One Identity Manager is to map employees and their master data with permissions through which they have control over different target systems. For this purpose, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This gives an overview of the permissions for each employees in all of the connected target systems. One Identity Manager provides the possibility to manage user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.

Because requirements vary between companies, the One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following method for linking employees and their user accounts.

  • Employees and user accounts can be entered manually and assigned to each other.
  • Employees can automatically obtain their account definitions using user account resources. If an employee does not have a user account in a client, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism followed by process handling.

    When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.

    NOTE: If employees obtain their user accounts through account definitions, they have to have a central SAP user account.
  • An existing employee is automatically assigned when a user account is added or a new employee is created if necessary. In this case, employee master data is created on the basis of the existing user account master data. This mechanism can be implemented if a new user account is created manually or by synchronization. This method, however, is not the One Identity Manager default method. Define criteria for finding employees for automatic employee assignment.
Related Topics

For more detailed information about employee handling and administration, see the One Identity Manager Target SystemClosed Base Module Administration Guide.

Related Documents