Solved: sap cloud identity provisioning service access

Lee3 · ‎01-31-2019

Hi experts,

I have a question about the roles that can be created in the service configuration of the identity provisioning. What can be achieved with this roles new roles?

We created a new group, and a new role, but when the user access the identity provisioning then we see the message 'user is not assigned to the IPS_ADMIN role'.

What we want is to give some users only acces to the logging in the identity provisioning service , is this possible?

Thanks in advance,

Vo.

oppancs · ‎01-31-2019

Dear J. Vo,

n order to access the service (Identity Provisioning) the predefined role "IPS_ADMIN" is required and I assume there is no "workaround" to create custom roles for it. See the documentation's "1.6.3 Authentication and Roles" section:

https://help.sap.com/doc/c30747989e33466e8e4f789dd9c3c81c/Cloud/en-US/Provisioning_Service.pdf

IPS_ADMIN – this is the main administrator role. It provides you with access to all Identity Provisioning UI systems and features. You can manage source, target and proxy systems, run and schedule jobs, view and
maintain job logs, and reset the tenant.

Also in "1.3.1 Access the Identity Provisioning (Trial)" part if you check "Prerequisites" part you can see only this predefined role can be added to the service. Custom roles can be only added to applications, see SAP Help Document:

https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/db8175b9d976101484e6fa303b1...

At least there is no documentation that would prove the opposite

Best Regards,
Barnabás Paksi

sap cloud identity provisioning service access

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Iterating through JSONModel with multiple nested a...

Re: Connecting SAP CAP with SAP Cloud ALM

How to use CopyProvider on Table created by TypeSc...

How to execute/fire onPost when user press enter o...

Re: Connecting SAP CAP with SAP Cloud ALM