Skip to Content
avatar image
Former Member

best practice roles activation

Hi all

We have installed Italian Baseline on our system and facing some problems with authorization profile generation.

Baseline is delivered with a set of roles empty (with menu, but without authorization object).

I found how to create authorization for that, but each authorization node ask me for a lot of data (for example.. stge location, order type and so on), as usual in role handling.

But it was our understanding, that with baseline, most of these data where taken automatically by customizing (that we have done).

I think that I am missing the correct baseline profile generation procedure. I cannot find help in baseline guidelines that send me to Identity Management for more information.. but also here I did not find anything.

Can anyone please make clear on Best Practice Roles Activation / Profile Generation please?

Thanks in advance


Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Apr 27, 2012 at 04:16 PM

    Hi, this is taken from the SAP IdM config guide

    Automatic profile generation must be enabled on the AS ABAP so that changes to role assignments are automatically reflected in a user’s profile. You can check this using table maintenance (for example, transaction SM30). Maintain the table PRGN_CUST. Make sure an entry with the name AUTO_USERCOMPARE exists in the table and that it contains the value YES.

    If you do not activate AUTO_USERCOMPARE, then run the report PFCG_TIME_DEPENDENCY after executing any provisioning steps.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Creation of authorization objects and profiles will continue to be done in your ABAP system. All Identity Management does is consume the name (pointer) to the role and profile after it has already been created in the end system. Take a look at the initial import job from the ABAP system. You don't create the roles/profiles in Identity Management, you import(consume) them. After that, you can them in business roles/assign to users, etc.

      Hope that answers your question.