Chat now with support
Chat with Support

Identity Manager 9.3 - Administration Guide for the SAP R/3 Compliance Add-on

SAP functions and identity audit Setting up a synchronization project for synchronizing SAP authorization objects Basics of the authorization check Setting up SAP functions Compliance rules for SAP functions Mitigating controls for SAP functions Configuration parameters for SAP functions Default project template for the SAP R/3 Compliance Add-on Module Referenced SAP R/3 tables and BAPI calls

Authorization overview

Function elements are displayed in a flat structure in the authorization overview.

To display an overview of all function elements for an active function definition

  1. In the Manager, select the Identity Audit > SAP functions > Function definitions category.

  2. Select the function definition in the result list.

  3. Select the Authorization overview task.

To display an overview of all function elements for a working copy

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.

  2. Select the function definition in the result list.

  3. Select the Authorization overview task.

    You can edit all the object properties here.

Related topics

Creating working copies

To modify an existing function definition, you require a working copy of the function definition. You can create a working copy from the active function definition. After confirming the prompt, the data of an existing working copy is overwritten with the data from the active function definition.

To create a working copy

  1. In the Manager, select the Identity Audit > SAP functions > Function definitions category.

  2. Select the function definition in the result list.

  3. Select the Create working copy task.

  4. Confirm the security prompt with Yes.
Related topics

Exporting individual function definitions

To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.

To export the function definition to a CSV file

  1. In the Manager, select the Identity Audit > SAP functions > Function definitions category.

  2. Select the function definition in the result list.

  3. Select the Change main data task.

  4. Select the Export task.

  5. Specify the file name and storage location for the CSV file.

  6. Click Save.

To export the function definition of a working copy to a CSV file

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.

  2. Select the function definition in the result list.

  3. Select the Change main data task.

  4. Select the Export task.

  5. Specify the file name and storage location for the CSV file.

  6. Click Save.

The following properties are exported:

Table 19: Exported main data of a function definition

Property

Data field in the CSV file.

Name of the function definition (SAPFunction.Ident_SAPFunction)

Function

Assigned function category (SAPFunctionCategory.Ident_SAPFunctionCategory)

Process

Description (SAPFunction.Description)

Function Description

Effect (SAPFunction.SignificancyClass)

Risk Level

Authorization object (SAPFunctionDetail.Ident_SAPAuthObject)

Object

Authorization fields (SAPFunctionDetail.ElementName)

Field

Description of the authorization fields (SAPFunctionDetail.Description)

Field Description

Value/Lower limit (SAPFunctionDetail.LowerLimit)

Value From

Upper limit (SAPFunctionDetail.UpperLimit)

Value To

Function argument (SACAbility.AbilityName)

Ability Name

Condition (SAPFunction.ConditionString)

Condition String

The import status (State) is included with each data record in the CSV file as additional information. The import status is set to 1 by default on export. This data is evaluated when function definitions are imported.

Related topics

Renaming function arguments

All function arguments within a SAP function must have a unique name. To ensure this, the name is formed by default from a character string and a consecutive number. The name pattern is defined in the TargetSystem | SAPR3 | SAPRights | AbilityNamePattern configuration parameter. You can adjust the value of the configuration parameter to suit your requirements if necessary. When you create an authorization definition it automatically names the function arguments.

You can change the names of the function arguments of an authorization definition manually at any time or reapply the name pattern. For example, use this functionality to assign uniform names for function arguments if the SAP functions have been imported or migrated from other or older databases.

To rename the function arguments of an authorization definition

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.

  2. Select the function definition in the result list.

  3. Select the Authorization Editor task.

  4. Select the Rename function arguments task.

  5. Confirm the security prompt with Yes.

  6. Save the changes.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating