Skip to Content

How to do mass population of a Business Roles with privileges using txt file

  1. You will need txt file like this below with the Business Roles in the first column and the privileges that will be added to the BR in the second column.

/wp-content/uploads/2013/07/1_243413.png

     2. After you have created the txt file in the Job folder you should create a job to fill a temporary table with the data from the file.

/wp-content/uploads/2013/07/2_243414.png

  • First pass will read the data from a txt file and will store it in a temporary table
  • Second pass will read the data from a temporary table and the will add the privileges to the Business Roles

     3.Pass – Mass assign of privileges to Business Role will look like:

  • In the source tab will be a simple select that will returns Business_roles and Privileges
  • In the destination tab will have:

/wp-content/uploads/2013/07/2_243414.png


Note: link for a similar tool –SAP IdM  Custom Add-on for Managing the Business Roles inside IdM(Authorization Matrix) – on WD&SAPUI5

Hope you like it 🙂

Simona Lincheva

4 Comments
You must be Logged on to comment or reply to a post.
  • Hi Simona,

    We use exactly the same approach, and for the implementation project, we made this format of file a deliverable so we could just then upload the mapping once signed off.

    A word of caution, once you have started assigning your business roles to people, an upload of changes of privileges to role assignments can generate a lot of provisioning very quickly as the adjustments to the roles are automatically distributed.

    Great blog, thanks for sharing.

    Ian

    • Hi Ian,

        Thanks for your comment.

      I know that assigning a privileges to a Business Roles will trigger provisioning for the users, that already have this role, but this is what should happen. Also we have cases in our system, that the provisioning is not triggered, so we execute automatic reconcile after change of Business Role.

      BR,

      Simona

    • Hi Ian,

      Actually this won’t trigger any changes on users, because according the IDM documentation automatic reconcile should be OFF.

      So that is way there should be a third pass which should trigger the reconcile for the users, but is not shown in the blog.

      Best regards,

      Ivan