Skip to Content
avatar image
Former Member

SAP IDM and structural authorizations

Hi Experts,

Iam looking for a solution to provision structural authorizations (T77UA) after creation the user in su01. The only threats I have found are from the year 2009/2010 with IDM 7.1 and not all links are still working.

What is the best way to realize that? We have IDM 7.2.

Thanks

John

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Feb 24, 2017 at 01:00 AM

    There is no standard functionality for this. Instead, you should implement context sensitive authorisations in the backend system. This will remove the need to provision the structural profiles. It is then just included in your standard authorisation/ role concept

    /henrik

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Mar 08, 2017 at 08:37 AM

    Hey John,

    this is a very common issue. I personally believe that more clients would be using IDM if there was a great out-of-the-box solution for this.

    Did you have any success yet?

    The only solution I know is custom made post-processing of user attributes or roles on the ABAP side, which translates them into assignments of the org. Management tree.

    With Kind regards,

    Hendrik

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 23, 2017 at 01:19 PM

    Hi John,

    SAP IDM has no direct support for this SAP functionality. I believe it has been mentioned over at the SAP IDM Idea place. You might want to check there.

    Matt

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 23, 2017 at 01:22 PM

    Hello John,

    To assign any type of authorization from SAP IDM to SAP ERP, first you need to create a Role in SAP ERP which contains the authorizations (T77UA). Once role has been created, you need to import this role to IDM. After successful import, this became privilege in IdM which can be assigned to any user.

    Could you please clarify, what type of threat you are talking about.

    Note - IdM doesn't manage the risk mitigation and SOD conflict. This is done by SAP GRC.

    Regards,

    C Kumar

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 27, 2017 at 12:03 PM

    Thanks for yours answers.

    I have to talk with our SAP Team....

    Regards

    John

    Add comment
    10|10000 characters needed characters exceeded