|Configuration parameter||Active Meaning|
Preprocessor relevant configuration parameter for controlling effectiveness of group memberships. If the parameter is set, memberships can be reduced on the basis of exclusion definitions. Changes to the parameter require recompiling the database.
If structural profiles are assigned to user accounts, an employee may obtain two or more structural profiles, which are not permitted in this combination. To prevent this, declare the structural profiles as mutually exclusive. To do this, you specify which of the two structural profiles should apply to the user accounts if both are assigned.
You can assign an excluded structural profile directly, indirectly or by IT Shop request at anytime. One Identity Manager determines whether the assignment is effective.
The effect of the assignments is mapped in the tables SAPUserInSAPHRP and BaseTreeHasSAPHRP through the column XIsInEffect.
To exclude structural profiles
- OR -
Remove structural profiles that are no longer mutually exclusive in Remove assignments.
For more information about the effectiveness of group memberships, see the One Identity Manager Administration Guide for Connecting to SAP R/3.
In One Identity Manager,
Every user account can be assigned to one or more categories. Every structural profile can be assigned to one or more categories as well. The structural profile is inherited by the user account when at least one user account category item matches an assigned structural profile. The structural profile is also inherited by the user account if the structural profile or the user account is not put into categories.
|NOTE: Inheritance through categories is only taken into account when structural profiles are assigned indirectly through hierarchical roles. Categories are not taken into account when structural profile are directly assigned to user accounts.|
To use inheritance through categories
||NOTE: If central user administration is implemented, define the categories in the central system as well as in the child system. The same categories must be defined in the child system as in the central system so that |
To define a category
Personnel planning data and parts of the organization structure from the SAP HCM system can be mapped in the One Identity Manager. Set up a synchronization project to import personnel planing data. For more information, see Setting up a Synchronization Project for Synchronizing with an SAP HCM System. The data source import "One Identity Manager" is given (column ImportSource = "SAP R/3") for all objects imported into the SAP database in this way.
Use this synchronization project to import employee master data and departments into the One Identity Manager database. In addition, information about master identities, work hours, communication data and department managers are imported. This information can be evaluated during identity audit, by assigning employees to SAP user accounts.
Furthermore, you can configure synchronization for other personnel planning data. For more information, see Setting up a Synchronization Project for Synchronizing additional Personnel Planning Data.
You can import typically required personnel planning data into the One Identity Manager database using the initial synchronization project for personnel planning. This includes general employee master data, communications data, departments and their managers. For more information, see Project Templates for Synchronizing Personnel Planning Data.
The SAP HCM system has other personnel planning data available. To import these, create a new synchronization project and configure mapping for the additional data. You can use predefined schema types to do this.
To set up a synchronization project for additional personnel planning data
If the option is not set, the page is not shown. The address type 1 (Permanent residence address) is imported by default.
||TIP: You can enter a file with additional schema types on this page. The connector schema is extended by these custom schema types. You can also enter this data after saving the synchronization project. For more detailed information, see the .One Identity Manager Administration Guide for Connecting to SAP R/3|
This creates and allocates a default schedule for regular synchronization. The synchronization project is created.
|Mapping name||Display name of the mapping.
Mapping name is used as key. It cannot be changed after saving.
|Mapping direction||Permitted direction of mapping for all property mapping rules. Select "in direction of One Identity Manager"|
|Description||Spare text box for additional explanation.|
Specifies whether the mapping part is mapping in the hierarchy. This option is important for optimizing synchronization.
|Only suitable for updates||Set this option if schema class objects are never added during synchronization but only updated or deleted.|
|Schema class in the One Identity Manager||
One Identity Manager schema class to which the mapping applies. Displays all schema classes with a configured mapping, in the menu.
Create a new schema class to set up a mapping for another schema type.
|Target system schema class||Schema class to which the mapping applies. Displays all schema classes with a configured mapping, in the menu.
Click and create a new schema class for a schema type.
For more information about setting up mappings and schema classes, see the One Identity Manager Target System Synchronization Reference Guide.
For more detailed information about setting up synchronization steps, see the One Identity Manager Target System Synchronization Reference Guide.
Run a consistency check.
Activate the synchronization project.
To synchronize on a regular basis
To start initial synchronization manually
For more detailed information about setting up synchronization server, see the One Identity Manager Administration Guide for Connecting to SAP R/3.