cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Type filter on SAP Initial Load

Former Member

on ‎11-24-2011 7:06 PM

0 Kudos

Hello IDM Gurus,

Had a quick question with regards to user import / initial load from an SAP system; how do you filter to only bring in dialog users (type A) and exclude communication / non-dialog users? I have tried adding a filter parameter to the Source tab, but to no avail yet; what is the right parameter and value to add within the Source tab of an initial load job? or is there another way to filter only dialog users within an initial load job?

I would greatly appreciate any suggestions / advice on the issue!

Thanks a lot in advance!

Best regards,

Sandeep

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-05-2014 5:46 AM

Hello,

While searching for a solution to same case as you have , I landed to this post.

However I was able to solve this issue as mentioned below.

It is better to have below filter in Read Pass(for your use case) to save time by avoiding unwanted data read.

FILTER = SELECTION_EXP:0/PARAMETER=LOGONDATA

FILTER1= SELECTION_EXP:0/FIELD=USTYP

FILTER2= SELECTION_EXP:0/OPTION=EQ

FILTER3= SELECTION_EXP:0/LOW=A

Hope it will be searchable to others when they stuck to this issue.

Regards,

Pradeep

Show replies
Show replies
Former Member
‎11-28-2011 2:10 PM
0 Kudos

Hi Sandeep,

regardless your question, why do you want to read only dialog users?

Have you taken account to the service user? They're also able to log in in dialog mode.

Further more, can you ensure that never a user would be created by IDM named like an already existing one?

And, back to your question.

I'm going to have a look at our System and tell you (hopefuly) a solution.

<Added>:

I had a look at the system, you can select users by setting filter on column "securityPolicy". Please try and let me know!

Kind regards,

Achim

Edited by: Achim Heinekamp on Nov 28, 2011 7:29 PM

Show replies
Show replies
Former Member
‎11-30-2011 10:06 AM
0 Kudos

Hi Achim,

Thanks a lot for your quick response!

True; actually we hope to put this in place, so as to NOT bring in communication users; so hopefully this securityPolicy setting should work and we can only bring in users of type A; how do you use the filter? what is the syntax you are using?

About your question; do you have practices in place to ensure that a duplicate users aren't created in IDM?

and on a totally different topic, have you had a job in place to keep users in sync from the target SAP systems; the ones that don't get created in IDM? and if so, do you ever have to disable your event tasks for your repositories in order to prevent them from getting kicked off for every user that gets loaded in to the Identity Store? and if so, how do you disable your event tasks programatically? Sorry but this is actually questions that fall under a completely different topic; I might have to post a new thread to see if I can get any answers around it.

Thanks again for your response Achim!

Best regards,

Sandeep

Former Member
‎11-30-2011 5:02 PM
0 Kudos

Hi Sandeep,

you can use it within the where-clause of your sql statement, to select the users you want to use within IDM.

Something like "select logonuid from <prefix>_rt_u.sap<repName>Users where securityPolicy = 'A' or securityPolicy ='<Character>'

To prevent the creation of an already existing User, sometimes we are using prefixes in the target system like a number or a small word like "FUNC" followed by an underscore.

Unfortunately, i have to close this message due to work end, but, I'm going to work further on it later this day or tomorrow.

Kind regards,

Achim Heinekamp

Former Member
‎12-01-2011 12:50 PM
0 Kudos

Hi Achim,

Will have a look at adding the filter to the existing job we have.

Actually I suppose you could add the filter to either the source tab by adding the securitypolicy parameter there with a value of "A" in the Read Users pass or add it via the select statement as you had mentioned in the Write ABAP users pass.

Thanks again for your quick response!

Best regards,

Sandeep

Edited by: Sandeep Jayendran on Dec 1, 2011 1:50 PM

Ask a Question