
Identity Manager 8.2.1 - Administration Guide for Connecting to SAP R/3


Basic data for user account administration

One Identity Manager supplies the following basic data for user administration, by default:

If configured, other basic data that cannot be edited in One Identity Manager is read from SAP R/3 during synchronization. It is used only for assignments to SAP user accounts. These include:

Certain user account properties can be defined as default for all user accounts through the configuration settings. These include:

User account types

The user account types are available in One Identity Manager by default. SAP R/3 recognizes the user account types listed below.

Table 28: User account types

| User account type | Meaning |
|---|---|
| Dialog (A) | Dialog user in a system. |
| System (B) | Background processing within a system. |
| Communication (C) | Communication between systems without a dialog. |
| Service (S) | Common user account for anonymous system access, for example. User accounts of this type should have heavily restricted access permissions. |
| Reference (L) | Common user account for additional granting of permissions. |

The default user account type for new user accounts is specified in the "TargetSystem | SAPR3 | Accounts | Ustyp" configuration parameter.

To modify the default user account type

  • In the Designer, edit the value of the "TargetSystem | SAPR3 | Accounts | Ustyp" configuration parameter.
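
The note in Table 28 that Service (S) accounts should have heavily restricted access permissions can be checked against an account export. The following Python script is an added example, not part of One Identity Manager or this guide; the CSV column names, the list of broad profiles, and the profile-count threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io

# User account type codes as listed in Table 28 of this guide.
USER_TYPES = {"A": "Dialog", "B": "System", "C": "Communication",
              "S": "Service", "L": "Reference"}

# Assumption: profiles treated as too broad for a shared Service account.
BROAD_PROFILES = {"SAP_ALL", "SAP_NEW"}
# Assumption: review threshold standing in for "heavily restricted"; tune per system.
MAX_SERVICE_PROFILES = 2

# Constructed sample export (hypothetical column names, not a product format).
SAMPLE_EXPORT = """account,ustyp,profiles
JSMITH,A,Z_SALES_DISPLAY
BATCH_FI,B,Z_FI_BATCH
WEB_ANON,S,Z_CATALOG_READ
KIOSK01,S,SAP_ALL
HELPDESK,S,Z_HD_1;Z_HD_2;Z_HD_3
REF_SALES,L,Z_SALES_BASE
LEGACY01,X,Z_OLD
"""


def audit_accounts(export_text):
    """Return (account, finding) tuples for accounts that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        account = row["account"].strip()
        ustyp = row["ustyp"].strip().upper()
        profiles = {p.strip().upper() for p in row["profiles"].split(";") if p.strip()}
        if ustyp not in USER_TYPES:
            findings.append((account, f"unknown user account type {ustyp!r}"))
            continue
        if ustyp != "S":
            continue  # Table 28 attaches the restriction to Service accounts only
        broad = sorted(profiles & BROAD_PROFILES)
        if broad:
            findings.append((account, "Service account holds broad profile(s): " + ", ".join(broad)))
        elif len(profiles) > MAX_SERVICE_PROFILES:
            findings.append((account, f"Service account holds {len(profiles)} profiles"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_EXPORT):
        print(f"{account}: {finding}")
```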

External identifier types

External authentication methods for logging in to a system can be used in SAP R/3. One Identity Manager supplies the following types as user identifiers to find the login data necessary for different authentication mechanisms for external systems on an SAP system:

Table 29: External identifier types

| Type | Description |
|---|---|
| DN | Distinguished Name for X.509. |
| NT | Windows NTLM or password verification with the Windows domain controller. |
| LD | LDAP bind <user-defined> (For other external authentication mechanisms). |
| SA | SAML Token. |

To specify a default type for external identifiers

  • In the Designer, set the "TargetSystem | SAPR3 | UserDefaults | ExtID_Type" configuration parameter and specify a value.

SAP parameters

Parameters can be loaded into the One Identity Manager database by synchronization and be either directly or indirectly assigned to user accounts. In the case of indirect assignment, employees and parameters are arranged in hierarchical roles. The number of parameters assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and that employee owns a user account, the parameter is assigned to the user account.

Prerequisites for assigning employees to user accounts are:

  • Assignment of employees and SAP parameters is permitted for role classes (departments, cost centers, locations, or business roles).
  • User accounts and parameters belong to the same SAP system.

A different parameter value can be specified for each hierarchical role that is assigned a parameter. The parameter values are therefore also inherited by the user account. You can use membership in hierarchical roles to control which parameter value a user account obtains for a parameter.
