Skip to Content
0

SAP IDM and structural authorizations

Feb 23, 2017 at 10:06 AM

141

avatar image

Hi Experts,

Iam looking for a solution to provision structural authorizations (T77UA) after creation the user in su01. The only threats I have found are from the year 2009/2010 with IDM 7.1 and not all links are still working.

What is the best way to realize that? We have IDM 7.2.

Thanks

John

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

5 Answers

Henrik Madsen Feb 24, 2017 at 01:00 AM
1

There is no standard functionality for this. Instead, you should implement context sensitive authorisations in the backend system. This will remove the need to provision the structural profiles. It is then just included in your standard authorisation/ role concept

/henrik

Share
10 |10000 characters needed characters left characters exceeded
Hendrik Winkler Mar 08, 2017 at 08:37 AM
1

Hey John,

this is a very common issue. I personally believe that more clients would be using IDM if there was a great out-of-the-box solution for this.

Did you have any success yet?

The only solution I know is custom made post-processing of user attributes or roles on the ABAP side, which translates them into assignments of the org. Management tree.

With Kind regards,

Hendrik

Share
10 |10000 characters needed characters left characters exceeded
Matt Pollicove
Feb 23, 2017 at 01:19 PM
0

Hi John,

SAP IDM has no direct support for this SAP functionality. I believe it has been mentioned over at the SAP IDM Idea place. You might want to check there.

Matt

Share
10 |10000 characters needed characters left characters exceeded
C Kumar Feb 23, 2017 at 01:22 PM
0

Hello John,

To assign any type of authorization from SAP IDM to SAP ERP, first you need to create a Role in SAP ERP which contains the authorizations (T77UA). Once role has been created, you need to import this role to IDM. After successful import, this became privilege in IdM which can be assigned to any user.

Could you please clarify, what type of threat you are talking about.

Note - IdM doesn't manage the risk mitigation and SOD conflict. This is done by SAP GRC.

Regards,

C Kumar

Show 3 Share
10 |10000 characters needed characters left characters exceeded

Would love to see a blog about this. I get this request somewhat often!

Matt

1

Sure Matt will try to write it very soon :)

- C Kumar

1

Hello Matt,

Blog is published now :)

Regards,

C Kumar

0
John John Feb 27, 2017 at 12:03 PM
0

Thanks for yours answers.

I have to talk with our SAP Team....

Regards

John

Share
10 |10000 characters needed characters left characters exceeded