立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Administration Guide for the SAP R/3 Compliance Add-on

SAP functions and identity audit Setting up a synchronization project for synchronizing SAP authorization objects Setting up SAP functions Compliance rules for SAP functions Mitigating controls for SAP functions Configuration parameters for SAP functions Default project template for the SAP R/3 Compliance Add-on Module Referenced SAP R/3 tables and BAPI calls

Configuration parameters for SAP functions

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 20: Configuration parameters for the module

Configuration parameter

Description

TargetSystem | SAPR3 | SAPRights

Preprocessor relevant configuration parameter for controlling component parts for testing authorizations in SAP R/3 using SAP functions. If the parameter is set, the components are available. Changes to the parameter require recompiling the database.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | SAPR3 | SAPRights | TestWithoutTCD

Checks SAP authorizations without taking SAP applications into account.

The following configuration parameters are also required.

Table 21: Additional configuration parameters

Configuration parameter

Description

QER | CalculateRiskIndex

Preprocessor relevant configuration parameter controlling system components for calculating the risk index. Changes to the parameter require recompiling the database.

If the parameter is enabled, values for the risk index can be entered and calculated.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ComplianceCheck

Preprocessor relevant configuration parameter for controlling the database model components for checking the rule base. Changes to the parameter require recompiling the database. If the parameter is enabled, you can use the model components.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

Default project template for the SAP R/3 Compliance Add-on Module

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

Use the SAP R/3 authorization objects project template to synchronize authorization objects and transactions. The project template uses mappings for the following schema types.

Table 22: Mapping SAP R/3 schema types to tables in the One Identity Manager schema

Schema type in the target system

Table in the One Identity Manager Schema

TOBJ

SAPAuthObject

ObjectClass

SAPAuthObjectClass

AUTHX

SAPField

Transactions

SAPTransaction

TACT

SAPActivity

ObjectHasField

SAPAuthObjectHasField

ObjectHasActivity

SAPAuthObjectHasSapActivity

FieldHasRcTable

SAPFieldHasSAPRCTable

TMENU01

SAPMenu

MenuHasTransaction

SAPMenuHasSAPTransaction

ProfileHasAuthObjectField

SAPProfileHasAuthObjectElem

RcTable

SAPRCTable

Variable

SAPRCVariable

TRANSACTIONHASTOBJ

SAPTransactionHasSAPAuthObject

RFCFUNCTION

SAPTransaction

USOBHASH

SAPTransaction

Referenced SAP R/3 tables and BAPI calls

The following overview provides information about all the tables referenced by SAP authorization objects in an SAP R/3 system and the BAPI calls that are run. The tables and BAPIs accessed by the SAP R/3 connector when SAP R/3 basis administration is synchronized are listed in the One Identity Manager Administration Guide for Connecting to SAP R/3.

Table 23: Referenced tables and BAPIs

Tables

BAPI Calls

AUTHX

OBJCT

TACT

TACTZ

TFDIR

TMENU01

TMENU01R

TMENU01T

TOBJ

TOBCT

TSTCT

USOBHASH

USOBX_C

USR10

UST10S

UST12

USVART

AUTH_TRACE_GET_USOBHASH

RFC_READ_TABLE or /VIAENET/READTABLE

AUTH_TRACE_GET_USOBHASH or /VIAENET/LISTUSOBHASH

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级