立即与支持人员聊天
与支持团队交流

Identity Manager 9.1 - Administration Guide for the SAP R/3 Compliance Add-on

SAP functions and identity audit Setting up a synchronization project for synchronizing SAP authorization objects Base data for SAP functions Finding non-compliant authorizations Setting up SAP functions Compliance rules for SAP functions Mitigating controls for SAP functions Configuration parameters for SAP functions Default project template for the SAP R/3 Compliance Add-on Module Referenced SAP R/3 tables and BAPI calls

Enabling working copies

SAP authorizations are only checked on the basis of active SAP functions. When you enable the working copy, the changes are transferred to the function definition. An active function definition is added to a new working copy.

To transfer changes from a working copy to a function definition

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
  2. Select the function definition in the result list.
  3. Select the Enable working copy task.
  4. Confirm the security prompt with OK.
Related topics

Exporting function definitions

To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.

To export the function definition to a CSV file

  1. In the Manager, select the Identity Audit > SAP functions > Function definitions category.
  2. Select the function definition in the result list.
  3. Select the Change main data task.

  4. Select the Export task.
  5. Specify the file name and storage location for the CSV file.
  6. Click Save.

The following properties are exported:

Table 14: Exported main data of a function definition

Property

Data field in the CSV file.

Name of the function definition

Function

Assigned function category

Process

Description

Function Description

Significance

Risk Level

Suggested authorization value

TransactionType

Transaction code

Transaction

TADIR program ID

AUTHPGMID

TADIR object type

AUTHOBJTYP

TADIR object name

AUTHOBJNAM

Type of external service

SRV_TYPE

Name of external service

SRV_NAME

RFC object type

RFC_TYPE

RFC object name

RFC_NAME

Hash value

SAPHashValue

Authorization objects

Object

Authorization fields

Field

Description of authorization field.

Field Description

Value/lower scope limit

Value From

Upper scope limit

Value To

The import status (State) is included with each data record in the CSV file as additional information. The import status is set to 1 by default on export. This data is evaluated when function definitions are imported.

Related topics

Exporting working copies

To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.

To export the function definition of a working copy to a CSV file

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
  2. Select the function definition in the result list.
  3. Select the Change main data task.

  4. Select the Export task.
  5. Specify the file name and storage location for the CSV file.
  6. Click Save.

The following properties are exported:

Table 15: Exported main data of a function definition

Property

Data field in the CSV file.

Name of the function definition

Function

Assigned function category

Process

Description

Function Description

Significance

Risk Level

Suggested authorization value

TransactionType

Transaction code

Transaction

TADIR program ID

AUTHPGMID

TADIR object type

AUTHOBJTYP

TADIR object name

AUTHOBJNAM

Type of external service

SRV_TYPE

Name of external service

SRV_NAME

RFC object type

RFC_TYPE

RFC object name

RFC_NAME

Hash value

SAPHashValue

Authorization objects

Object

Authorization fields

Field

Description of authorization field.

Field Description

Value/lower scope limit

Value From

Upper scope limit

Value To

The import status (State) is included with each data record in the CSV file as additional information. The import status is set to 1 by default on export. This data is evaluated when function definitions are imported.

Related topics

Assigning mitigating controls to SAP functions

Mitigating controls can be stored with SAP functions. These reduce the effects on the company when SAP users match with SAP functions. At the same time, you specify how to deal with SAP users or SAP groups that match the SAP function. For example, changing a user assignment to an SAP role in the SAP system can be used as a mitigating control for an SAP function.

Mitigating controls can also be used as controlling measures for compliance rules. Mitigating controls assigned to the SAP functions for testing are automatically transferred into compliance rules about SAP functions.

Prerequisites:

  • Enabled compliance rules are assigned to a functional area and a department.
  • The SAP functions for testing are assigned to the same functional area and then associated variable set of the same department.

To edit mitigating controls

  • In the Designer, enable the QER | CalculateRiskIndex configuration parameter.
Detailed information about this topic
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级