Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for the SAP R/3 Compliance Add-on

SAP Functions and Identity Audit Setting up a Synchronization Project for Synchronizing SAP Authorization Objects Base Data for SAP Functions Finding Non-compliant Authorizations Setting up SAP Functions Compliance Rules for SAP Functions Mitigating Controls Appendix: Configuration Parameters for SAP Functions Appendix: Default Project Templates for the SAP R/3 Compliance Add-on Module Appendix: Referenced SAP R/3 Tables and BAPI Calls

Creating a Working Copy

Creating a Working Copy

To modify an existing function definition, you required a working copy of the function definition. The working copy can be created from the active function definition. The data of an existing working copy are overwritten with the data from the active function definition, after prompting.

To create a working copy

  1. Select the category Identity Audit | SAP functions | Function definitions.
  2. Select the function definition in the result list.
  3. Select Create working copy in the task view.
  4. Confirm the security prompt with Yes.

Exporting Function Definitions

Exporting Function Definitions

To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.

To export the function definition to a CSV file

  1. Select the category Identity Audit | SAP functions | Function definitions.
  2. Select the function definition in the result list.
  3. Select Change master data in the task view.
  4. Select Export... in the task view.
  5. Specify the file name and storage location for the CSV file.
  6. Click Save.

The following properties are exported:

Table 22: Exported Master Data for a Function Definition
Property Data field in the CSV file.
Name of the function definition Function
Assigned function category Process
Description Function Description
Significance Risk Level
Transactions Transaction
Authorization objects Object
Authorization fields Field
Description of authorization field. Field Description
Value/lower scope boundary Value From
Upper scope boundary Value To

The import status (State) is included with each data record in the CSV file as additional information. The import status is set to "1" by default on export. This data is evaluated when function definitions are imported.

Related Topics

Defining Function Instances

Defining Function Instances

One and the same function definition can be used for different concrete instances. A specific SAP client that the SAP function will be used in, is given in the function instance. In addition, the variables that are assigned to the authorization fields are given specific values. Function instances can only be created for SAP functions that are enabled.

To edit function instances

  1. Select the category Identity Audit | SAP functions | Function instances.
  2. Select the function instance in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the function instance's master data.
  4. Save the changes.

NOTE: One Identity Manager users can create and edit function instances for those SAP functions that they are responsible for with the application role Identity & Access Governance | Identity Audit | Maintain SAP Functions.

Master Data of a Function Instance

Master Data of a Function Instance

Enter the following master data for a function instance:

Table 23: Function Instance Properties
Property Description
Function definition The function instance is created for this function definition.
Client SAP client to which the SAP function should be applied.
Variable setClosed Variable set with functions defined, which are used in the function definition. The variable set and the function instance must be assigned to the same SAP client.
Managers Application role whose members are responsible for the function instance and variable sets in terms of content.

To create a new application role, click . Enter the application role name and assign a parent application role.

Display name Function instance display name. This is formatted from the function definition name, the assigned client and variable set.
Description Spare text box for additional explanation. The function definition description is copied to a new function instance.
Function Instance Elements Displays transactions, approval objects and function elements of the SAP function with specified values that are determined from the assigned variable set. Changes to the variables or variable set are displayed as soon as the DBQueue Processor has processed the corresponding authorization tasks.
Related Topics
Related Documents