Assigning Function Definitions
Assigning Function Definitions
Use this task to specify the function definitions for which a mitigating control is valid. You can only assign function definitions that are enabled on the assignment form.
To assign SAP function definitions to mitigating controls
- Select the category Risk index functions | Mitigating controls.
- Select the mitigating control in the result list.
- Select the task Assign function definitions.
- Double-click on the function definitions you want to assign in Add Assignments
- OR -
Double-click on the function definitions you want to remove in Remove Assignment.
- Save the changes.
Calculating Mitigation
Calculating Mitigation
The significance reduction of a mitigating control supplies the value by which to reduce
The reduced risk index is calculated from the
Risk index (reduced) = Risk index - sum significance reductions
If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.
Appendix: Configuration Parameters for SAP Functions
Appendix: Configuration Parameters for SAP Functions
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Description |
|---|---|
|
TargetSystem\SAPR3\SAPRights |
Preprocessor relevant configuration parameter for controlling component parts for testing authorizations in SAP R/3 using SAP functions. If the parameter is set, the components are available. Changes to the parameter require recompiling the database. |
| TargetSystem\SAPR3\SAPRights\TestWithoutTCD | Checks SAP authorizations without taking SAP transactions into account. |
Appendix: Default Project Templates for the SAP R/3 Compliance Add-on Module
Appendix: Default Project Templates for the SAP R/3 Compliance Add-on Module
A default project template ensures that all required information is added in the One Identity Manager. This includes mappings, workflows and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the .Synchronization Editor
Use the project template "SAP® R/3® authorization objects" for synchronization of authorization packages and transactions. The template uses mappings for the following schema types.
| SchemaData model of a connected system. The schema describes all the master data from the connected system. see target system schema; see One Identity Manager schema; see connector schema; see extended schema Type in the Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". |
Table in the One Identity Manager schema |
|---|---|
| TOBJ | SAPAuthObject |
| ObjectClass | SAPAuthObjectClass |
| AUTHX | SAPField |
| Transaction | SAPTransaction |
| TACT | SAPActivity |
| objectHasField | SAPAuthObjectHasField |
| ObjectHasActivity | SAPAuthObjectHasSapActivity |
| FieldHasRcTable | SAPFieldHasSAPRCTable |
| tMenu01 | SAPMenu |
| menuHasTransaction | SAPMenuHasSAPTransaction |
| ProfileHasAuthObjectField | SAPProfileHasAuthObjectElem |
| RcTable | SAPRCTable |
| RcVariable | SAPRCVariable |
| TRANSACTIONHASTOBJ | SAPTransactionHasSAPAuthObject |