How to do mass population of a Business Roles with privileges using txt file
- You will need txt file like this below with the Business Roles in the first column and the privileges that will be added to the BR in the second column.
2. After you have created the txt file in the Job folder you should create a job to fill a temporary table with the data from the file.
- First pass will read the data from a txt file and will store it in a temporary table
- Second pass will read the data from a temporary table and the will add the privileges to the Business Roles
3.Pass – Mass assign of privileges to Business Role will look like:
- In the source tab will be a simple select that will returns Business_roles and Privileges
- In the destination tab will have:
Note: link for a similar tool –SAP IdM Custom Add-on for Managing the Business Roles inside IdM(Authorization Matrix) – on WD&SAPUI5
Hope you like it 🙂
We use exactly the same approach, and for the implementation project, we made this format of file a deliverable so we could just then upload the mapping once signed off.
A word of caution, once you have started assigning your business roles to people, an upload of changes of privileges to role assignments can generate a lot of provisioning very quickly as the adjustments to the roles are automatically distributed.
Great blog, thanks for sharing.
Thanks for your comment.
I know that assigning a privileges to a Business Roles will trigger provisioning for the users, that already have this role, but this is what should happen. Also we have cases in our system, that the provisioning is not triggered, so we execute automatic reconcile after change of Business Role.
Actually this won't trigger any changes on users, because according the IDM documentation automatic reconcile should be OFF.
So that is way there should be a third pass which should trigger the reconcile for the users, but is not shown in the blog.
Great article, Simona. It is very useful.