Implementing Role Based Access Control in SAP: Turning the organisation upside down
One of the things we have to achieve here at King Abdullah University of Science and Technology (KAUST) is a successful integration of SAP NetWeaver IDM and SAP GRC. I am working on a white paper about this, more to follow. This is just an initial teaser.
Implementing a proper Role Based Access Control (RBAC) system can affect an organisation to its core and should not be treated light-heartedly! It can literally turn the organisation upside down, as I found out while implementing our initially quite modest role model on an IDM sandbox environment. One of the prerequisites for a successful implementation is first building a semantic role model: a representation that can be easily communicated and understood by all. IDM’s MMC management console allows the user to build a graphical representation of the role model by creating roles and sub-roles. You link the sub-role to the parent role with the ‘link to’ property. This configuration option pops up when right-clicking a sub-role. The result is somewhat counterintuitive, as quite literally it turns the organisation ‘upside down’.
If you use the recommended web GUI to do the same, this doesn’t happen, which somewhat confused me.
Thankfully, a support call to Norway solved the mystery. It seems I was not the first person to query this feature and, although it is technically correct, the developers at SAP Labs have added a helpful configuration option to turn the organisation back into the more familiar ‘top down’ configuration.
As a search on SNC and IDM help pages did not reveal this trick, I decided to share it with readers of this blog, using three simple screen captures to explain the procedure.