立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Administration Guide for the SAP R/3 Compliance Add-on

SAP functions and identity audit Setting up a synchronization project for synchronizing SAP authorization objects Setting up SAP functions Compliance rules for SAP functions Mitigating controls for SAP functions Configuration parameters for SAP functions Default project template for the SAP R/3 Compliance Add-on Module Referenced SAP R/3 tables and BAPI calls

Exporting working copies

To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.

To export the function definition of a working copy to a CSV file

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.

  2. Select the function definition in the result list.

  3. Select the Change main data task.

  4. Select the Export task.

  5. Specify the file name and storage location for the CSV file.

  6. Click Save.

The following properties are exported:

Table 10: Exported main data of a function definition

Property

Data field in the CSV file.

Name of the function definition

Function

Assigned function category

Process

Description

Function Description

Significance

Risk Level

Suggested authorization value

TransactionType

Transaction code

Transaction

TADIR program ID

AUTHPGMID

TADIR object type

AUTHOBJTYP

TADIR object name

AUTHOBJNAM

Type of external service

SRV_TYPE

Name of external service

SRV_NAME

RFC object type

RFC_TYPE

RFC object name

RFC_NAME

Hash value

SAPHashValue

Authorization objects

Object

Authorization fields

Field

Description of authorization field.

Field Description

Value/lower scope limit

Value From

Upper scope limit

Value To

The import status (State) is included with each data record in the CSV file as additional information. The import status is set to 1 by default on export. This data is evaluated when function definitions are imported.

Related topics

Defining function instances

One and the same function definition can be used for different concrete instances. A specific SAP client that the SAP function will be used in is given in the function instance. In addition, the variables that are assigned to the authorization fields are given specific values. Function instances can only be created for SAP functions that are enabled.

To create a function instance

  1. In the Manager, select the Identity Audit > SAP functions > Function instances category.

  2. Click in the result list.

  3. Edit the function instance's main data.

  4. Save the changes.

To edit a function instance

  1. In the Manager, select the Identity Audit > SAP functions > Function instances category.

  2. In the result list, select a function instance and run the Change main data task.

  3. Edit the function instance's main data.

  4. Save the changes.

NOTE: One Identity Manager users with the Identity & Access Governance | Identity Audit | Maintain SAP functions application role can create and edit function instances for the SAP functions if they are listed as the manager.

Detailed information about this topic

Main data for function instances

Enter the following main data of a function instance.

Table 11: Function instance properties

Property

Description

Function definition

The function instance is created for this function definition.

Client

SAP client to which the SAP function should be applied.

Variable set

Variable set with functions defined, which are used in the function definition. The variable set and the function instance must be assigned to the same SAP client.

Manager/supervisor

Application role whose members are responsible for the function instance and variable sets in terms of content.

To create a new application role, click . Enter the application role name and assign a parent application role.

Display name

Function instance display name. This is formatted from the function definition name, the assigned client and variable set.

Description

Text field for additional explanation. The function definition description is copied to a new function instance.

Function Instance Elements

Displays SAP applications, approval objects, and function elements of the SAP function with specified values that are determined from the assigned variable set. Changes to the variables or variable set are displayed as soon as the DBQueue Processor has processed the corresponding authorization tasks.

Related topics

Checking field variable definitions

Before you use function instances in compliance rules, check whether all variable which are used in the function definition are defined in the variable set. If there is no function definition or variable set assigned to the function instance, the check-in fails with an error message. Variables that are not defined in the associated variable set are listed in the error message.

To check variable definitions

  1. In the Manager, select the Identity Audit > SAP functions > Function instances category.

  2. Select the function instance in the result list.

  3. Select the Change main data task.

  4. Select the Check variable definitions task.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级