Skip to Content
  1. You will need txt file like this below with the Business Roles in the first column and the privileges that will be added to the BR in the second column.

/wp-content/uploads/2013/07/1_243413.png

     2. After you have created the txt file in the Job folder you should create a job to fill a temporary table with the data from the file.

/wp-content/uploads/2013/07/2_243414.png

  • First pass will read the data from a txt file and will store it in a temporary table
  • Second pass will read the data from a temporary table and the will add the privileges to the Business Roles

     3.Pass – Mass assign of privileges to Business Role will look like:

  • In the source tab will be a simple select that will returns Business_roles and Privileges
  • In the destination tab will have:

/wp-content/uploads/2013/07/2_243414.png


Note: link for a similar tool –SAP IdM  Custom Add-on for Managing the Business Roles inside IdM(Authorization Matrix) – on WD&SAPUI5

Hope you like it 🙂

Simona Lincheva

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Ian Daniel

    Hi Simona,

    We use exactly the same approach, and for the implementation project, we made this format of file a deliverable so we could just then upload the mapping once signed off.

    A word of caution, once you have started assigning your business roles to people, an upload of changes of privileges to role assignments can generate a lot of provisioning very quickly as the adjustments to the roles are automatically distributed.

    Great blog, thanks for sharing.

    Ian

    (0) 
    1. Simona Lincheva Post author

      Hi Ian,

        Thanks for your comment.

      I know that assigning a privileges to a Business Roles will trigger provisioning for the users, that already have this role, but this is what should happen. Also we have cases in our system, that the provisioning is not triggered, so we execute automatic reconcile after change of Business Role.

      BR,

      Simona

      (0) 
    2. Ivan Petrov

      Hi Ian,

      Actually this won’t trigger any changes on users, because according the IDM documentation automatic reconcile should be OFF.

      So that is way there should be a third pass which should trigger the reconcile for the users, but is not shown in the blog.

      Best regards,

      Ivan

      (0) 

Leave a Reply