Skip to Content
avatar image
Former Member

SAP IDM - Sync New roles

Hi All,

In CUA we have and used an option to import the newly created roles from the child to the CUA.

What is the best way to do it with IDM ?

I think I can do it with the Job Initial Load and only keep the concerned passes like those ones :

- ReadABAPRoles

- ReadABAPProfiles

- WriteABAPRolePrivileges

- WriteABAPProfilePrivileges

Is that correct ?

I need that because sometimes I need to import the new roles during the day and don't want to wait the night batches.

Nicolas.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Oct 24, 2013 at 07:20 AM

    Hello Nicolas,

    I'd say yes, but with delta handling acitvated for

    - WriteABAPRolePrivileges

    - WriteABAPProfilePrivileges

    But I would create an own job folder and task for that and not just use the striped down Initial Load job. ^^

    Regards,

    Steffi.

    EDIT:

    What about those two:

    Add triggers to ABAP RolePrivileges

    Add triggers to ABAP ProfilePrivileges

    Don't you need those, too? You could just put those in the other two passes, I guess.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      He Steffi,

      Thanks for your answer.

      What is the advantage of handling the deltas in this case ?

      Sure I will create a new job folder for that but based on Initial Load as I think the passes are perfect.

      Nicolas.

  • Oct 24, 2013 at 08:04 AM

    Hello Nicolas,

    I would think that with the two read-passes you get all the roles and profiles from the backend, not just the newly created. So with the delta in the write jobs it would just write the really new ones instead of all roles and profiles again.

    Unless you have an attribute value for the source tab to find just the new entries.

    Or maybe I'm missing something? oO

    Regards,

    Steffi.

    Add comment
    10|10000 characters needed characters exceeded

    • Hello Nicolas,

      well, we just started some weeks ago with the project to include SAP roles in IdM to provision them from there, so I'm still a little shaky with the details. 😀

      Nontheless that list of passes looks good to me. ^^

      And as long as you don't have issues with the job running to long when you start it on demand during the day, writing all entries all the time would give you a clean data pool, yes. I guess it all depends on how many roles and profiles there are in the backend.

      But you asked how to import the newly created roles, so I included the delta option. ^^

      Regards,

      Steffi.