Creating working copies
To modify an existing function definition, you require a working copy of the function definition. You can create a working copy from the active function definition. After confirming the prompt, the data of an existing working copy is overwritten with the data from the active function definition.
To create a working copy
-
In the Manager, select the Identity Audit > SAP functions > Function definitions category.
-
Select the function definition in the result list.
-
Select the Create working copy task.
- Confirm the security prompt with Yes.
Related topics
Exporting function definitions
To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.
To export the function definition to a CSV file
-
In the Manager, select the Identity Audit > SAP functions > Function definitions category.
-
Select the function definition in the result list.
-
Select the Change main data task.
-
Select the Export task.
-
Specify the file name and storage location for the CSV file.
-
Click Save.
The following properties are exported:
Table 9: Exported main data of a function definition
|
Name of the function definition |
Function |
|
Assigned function category |
Process |
|
Description |
Function Description |
|
Significance |
Risk Level |
|
Suggested authorization value |
TransactionType |
|
Transaction code |
Transaction |
|
TADIR program ID |
AUTHPGMID |
|
TADIR object type |
AUTHOBJTYP |
|
TADIR object name |
AUTHOBJNAM |
|
Type of external service |
SRV_TYPE |
|
Name of external service |
SRV_NAME |
|
RFC object type |
RFC_TYPE |
|
RFC object name |
RFC_NAME |
|
Hash value |
SAPHashValue |
|
Authorization objects |
Object |
|
Authorization fields |
Field |
|
Description of authorization field. |
Field Description |
|
Value/lower scope limit |
Value From |
|
Upper scope limit |
Value To |
The import status (State) is included with each data record in the CSV file as additional information. The import status is set to 1 by default on export. This data is evaluated when function definitions are imported.
Related topics
Exporting working copies
To transfer SAP functions from a development environment to a production environment, for example, you can export function definitions to CSV files. These CSV files can be imported into other databases.
To export the function definition of a working copy to a CSV file
-
In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
-
Select the function definition in the result list.
-
Select the Change main data task.
-
Select the Export task.
-
Specify the file name and storage location for the CSV file.
-
Click Save.
The following properties are exported:
Table 10: Exported main data of a function definition
|
Name of the function definition |
Function |
|
Assigned function category |
Process |
|
Description |
Function Description |
|
Significance |
Risk Level |
|
Suggested authorization value |
TransactionType |
|
Transaction code |
Transaction |
|
TADIR program ID |
AUTHPGMID |
|
TADIR object type |
AUTHOBJTYP |
|
TADIR object name |
AUTHOBJNAM |
|
Type of external service |
SRV_TYPE |
|
Name of external service |
SRV_NAME |
|
RFC object type |
RFC_TYPE |
|
RFC object name |
RFC_NAME |
|
Hash value |
SAPHashValue |
|
Authorization objects |
Object |
|
Authorization fields |
Field |
|
Description of authorization field. |
Field Description |
|
Value/lower scope limit |
Value From |
|
Upper scope limit |
Value To |
The import status (State) is included with each data record in the CSV file as additional information. The import status is set to 1 by default on export. This data is evaluated when function definitions are imported.
Related topics
Defining function instances
One and the same function definition can be used for different concrete instances. A specific SAP client that the SAP function will be used in is given in the function instance. In addition, the variables that are assigned to the authorization fields are given specific values. Function instances can only be created for SAP functions that are enabled.
To create a function instance
-
In the Manager, select the Identity Audit > SAP functions > Function instances category.
-
Click 
in the result list.
-
Edit the function instance's main data.
- Save the changes.
To edit a function instance
-
In the Manager, select the Identity Audit > SAP functions > Function instances category.
-
In the result list, select a function instance and run the Change main data task.
-
Edit the function instance's main data.
- Save the changes.
NOTE: One Identity Manager users with the Identity & Access Governance | Identity Audit | Maintain SAP functions application role can create and edit function instances for the SAP functions if they are listed as the manager.
Detailed information about this topic
