You can see the most important information about a working copy on the overview form.
To obtain an overview of a working copy
Use the Authorization Editor to set up the SAP function authorization definition. To do this, group transactions and authorization objects together that should be covered by the SAP function.
To compile an authorization definition
| Property | Description |
|---|---|
| SAP menu display | Menu items from the SAP GUI's SAP menu. |
| All other menus | Menu items from all other SAP menus. |
| System | SAP system to be used to display the menu tree. |
| Menu | Menu tree for selecting menu items. All the transaction and authorization objects are loaded that can be called from the selected menu items. Transaction codes that are linked to a menu item are shown in brackets in the menu tree as additional information. |
- OR -
| Property | Description |
|---|---|
| Filter | Filter for list of available transactions |
| Transaction | Transactions whose authorization objects are to be loaded into the Authorization Editor. All authorization object are added that are linked with the selected transaction. |
- OR -
| Property | Description |
|---|---|
| Filter | Filter for list of available authorization objects |
| Authorization objects | Authorization objects to be loaded to the Authorization Editor. All transactions that are linked to the authorization object are added. |
- OR -
Select an existing function definition whose authorization definition you want to load into the Authorization Editor.
Figure 3: Authorization Editor for SAP functions
The functionality of the Authorization Editor is based on the SAPGUI Authorization Editor. The columns in the Authorization Editor have the following meaning.
| Property | Description | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Function definition / transaction / authorization / function element | Function definition hierarchy. Transactions, their associated authorization objects and function elements are mapped in a tree structure. | |||||||||||||||||||||||||||
| Processing status | Processing status of tree structure objects:
| |||||||||||||||||||||||||||
| Add | Click +, to add more objects to the authorization definition. This adds a sub object.
Click C, to copy the function element. | |||||||||||||||||||||||||||
| Remove | Click -, to remove objects from the authorization definition. | |||||||||||||||||||||||||||
| Description | Object description. | |||||||||||||||||||||||||||
| Any | Click *, to define the value of a function element as "*" (any value). | |||||||||||||||||||||||||||
| Value / lower limit |
Values permitted for the function element. For example, you can limit SAP authorizations to specific SAP groups. When you specify a range, enter the lower limit here. Values can be added as variables. System variables can also be used. Wildcards can be used in the values.
| |||||||||||||||||||||||||||
| Upper scope boundary | Upper limit for the range of a function element Values can be added as variables. |
All function elements in a transaction that are defined in a separate row must be fulfilled for the SAP function to match. If the SAP functions should only match when an SAP profile has one of several possible instances of one and the same function element, define this instance as a comma-delimited list of values for this function element.
To edit the properties of the selected object
You can edit the description of the function element and the upper and lower limits.
| Property | Description |
|---|---|
| Type | Specifies whether the selected function element is an activity or a authorization field. |
| Name | Name of the function element. |
| Lower limit, upper limit | Values permitted for the function element. When you specify a range, enter a lower and an upper limit. Values can be added as variables. Click  to select variables from the variable definitions available. |
| Description | Detailed description of the function elements. |
One Identity Manager uses this task to test whether all authorization objects that belong to a transaction occur in the authorization definition.
To test an authorization definition for completeness
Missing authorization objects are displayed in a separate window.
The authorization objects can now be edited in the authorizations editor.
Function elements are displayed in a flat structure in the authorization overview. You can edit all the object properties here.
To display an overview of all function elements
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
... No value is specified for the function element.
... A value is specified for the function element.