立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP objects Removing a Central User Administration Troubleshooting an SAP R/3 connection Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Assigning extended properties to SAP products

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for an SAP product

  1. Select the SAP R/3 > Products category.
  2. Select the SAP product in the result list.
  3. Select the Assign extended properties task.
  4. Assign extended properties in Add assignments.

    - OR -

    Remove extended properties in Remove assignments .

  5. Save the changes.
Related topics

Editing conflicting system roles

Table 68: Configuration parameters for editing mutually exclusive roles
Configuration parameter Effect when set
QER | Structures | Inherite | ESetExclusion

Preprocessor-relevant configuration parameter for defining the effectiveness of system roles If this parameter is set, mutually excluding system roles can be defined. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

It is possible that identities may not own certain groups, roles, and profiles at the same time. To avoid this, you can assign mutually exclusive groups, roles, and profiles to different SAP products. Define these SAP products afterward as conflicting system roles. This means that conflicting system roles can be grouped together into a system role.

NOTE: Only SAP products, which are defined directly as conflicting system roles cannot be assigned to the same identity. Definitions made on parent or child SAP products do not affect the assignment.

To implement conflicting system roles

  • In the Designer, set the QER | Structures | Inherite | ESetExclusion configuration parameter and compile the database.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

To define conflicting system roles

  1. In the Manager, select the category SAP R/3 > Products.

  2. Select the SAP product in the result list for which you want to define conflicting system roles.

  3. Select the Edit conflicting system roles task.

  4. In the Add Assignments panes, double-click the system roles are mutually exclusive to the selected SAP product.

    - OR -

    In the Remove assignments pane, remove the system roles that are no longer mutually exclusive.

  5. Save the changes.

Providing system measurement data

User account license information can be mapped in One Identity Manager. An identity can have several user accounts which belong to different clients and systems. The identity's most significant user account is required for system measurement. This user account is determined as a chargeable user account by system measurement. One Identity Manager calculates user account ratings from the licenses assigned.

The identity's most significant user account is automatically determined from all user accounts not managed though CUAClosed. CUA user accounts are mapped in the license information in One Identity Manager and can be edited. The most significant user account is not, however, determined automatically.

System measurement data is supplied in One Identity Manager. The actual measurement takes place in the target system.

To make system measurement data available

  1. In the Designer, set the TargetSystem | SAPR3 | Accounts | CalculateLicence configuration parameter.

  2. In SAP, set the Enable system measurement option.
  3. Set Has user administration in the client.
  4. Enter the license data
    1. Enter the license for roles and profiles. One Identity Manager finds the user account's licenses from the licenses of all roles and profiles in which the user account is a member.

      – OR –

    2. Enter the active license directly in the user account.

    One Identity Manager calculates the most significant user account license from the licenses entered.

  5. Publish the measurement data.

    The calculated licenses are transferred to the active licenses. Active licenses are published in the target system. System measurement can be carried out there.

Detailed information about this topic

Mapping the measurement data

Measurement data is displayed on the main data form for user accounts which are not CUAClosed.

To display measurement data

  1. Select the SAP R/3 > User accounts category.
  2. Select the user account in the result list.
  3. Change to Inventory data.

    This open the main data form with synchronized and calculated data for system measurement.

The following license information is displayed on the form.

Table 69: User account measurement data

Property

Description

Active License

User account's license. The active license is loaded into the One Identity Manager database by synchronization or found from the calculated, identity-related license.

NOTE: The active license can also be edited and changed. Changes to the active license are published immediately in the target system. The licenses stored with the roles and profiles are not effective in this case.

NOTE: If licenses are stored with roles or profiles in which the user account is a member and Publishing calculated licenses is running, the active license stored directly with the user account is overwritten by the calculated license.

Special version ID

License extension for the installed special version. Select the special version ID from the menu. This is only enabled if special versions are permitted for the active license.

Country surcharge

Additional license fee. This is only enabled if country surcharges are permitted for the active license.

Substitute

Link to the user account which takes over as deputy for a specified time period. This field is only active if "04 (substitute)" or "11 (Multi-client/system)" is entered. The substitute user account obtains roles and profiles of the displayed user account for a specified time period.

Substituted from

Time period in which another user account assumes responsibility. This input field is enabled if the active license is set to "04 (substitute)".

Substituted until

Calculated license (client)

License determined from user account assigned roles and profiles within the client.

This field is only visible if the TargetSystem | SAPR3 | Accounts | CalculateLicence configuration parameter, the System measurement enabled option in SAP, and the Has user administration option in the SAP client are enabled.

Calculated license (identity)

License of most significant identity user account.

The client related calculated license is entered for the most significant user account. For all the other identity’s user accounts, the identity related calculated license "11 (Multi-client/system user)" is entered. This also contains a reference to the calculated most significant user account (Calculated ref. name).

This field is only visible if the TargetSystem | SAPR3 | Accounts | CalculateLicence configuration parameter, the System measurement enabled option in SAP, and the Has user administration option in the SAP client are enabled.

Calculated ref.name

Link to the calculated most significant user account if "11 (Multi-client/system user)" is entered.

This field is only visible if the TargetSystem | SAPR3 | Accounts | CalculateLicence configuration parameter, the System measurement enabled option in SAP, and the Has user administration option in the SAP client are enabled.

Measurement data is displayed for each user account assignment to the target system and to child systems if the user accounts are managed over CUA,

To display measurement data for a centrally administered user account

  1. In the Manager, select the SAP R/3 > User accounts category.

  2. Select the user account in the result list.

  3. Select the Assign SAP licenses in client systems task.

  4. Select an assignment in the table.

The following license information is displayed on the form.

Table 70: Measurement data for a centrally administrated user account
Property Description

Recipient client

Client containing the user account which is assigned a license. You can select the central system or a assigned child system.

License

User account license in the selected client.

License extension

License extension for the installed special version. Select the special version ID from the menu.

Country surcharge

Additional license fee.

Chargeable system

SAP system containing the client to be charged. This field is only shown if 04 (substitute) or 11 (Multi-client/system) is entered as the license.

Chargeable client

Client containing the user account to be charged. This field is only shown if 04 (substitute) or 11 (Multi-client/system) is entered as the license.

Chargeable user account

User account to be charged if 04 (substitute) or 11 (Multi-client/system) is entered as the license.

Substituted from

Time period in which another user account assumes responsibility. These fields are enabled if 04 (substitute) is entered as the license.

Substituted until

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级