This blog also covers the top-down user sync best practice, in which users are assigned to the appropriate group in your HR system or IDM and then synced to the different SAP applications for authorization.
Role-based access control (RBAC) is a security approach that uses roles to define what a user is and isn't allowed to do. In an SAP Commissions application, users are assigned roles with varying permissions for different resources, including workflow, territory & quote, and embedded analytic applications.
So, when a user tries to access an application, the system first finds the roles associated with the user and then checks whether any of those roles has the appropriate permission. If so, the user is allowed to access the application. If not, the user is denied access.
Let's look at the high-level flow.
Authorization is about answering the question, “Is this user allowed to do a certain operation?”. This is different from Authentication, in which we answer the question, “Which user is this request coming from?”
Both are essential to most applications, and as such, we first go through authentication flows to identify who the user is. Then we go through authorization flows in which we decide if the user has permission to do certain operations.
Example: SAP Identity Authentication Service (IAS) maintains all users together with their groups, which are received from SuccessFactors, Azure, SailPoint, Workday or any other system and are used for user authorization during the authentication process. Follow the steps below to put the RBAC process in place for the SAP Commissions application.
Go to User Administration > select Roles > expand Callidus Portal > select a role to assign permissions.
Select any one of the roles to check that the permissions have been added correctly for the role as defined.
Go to Groups and click +; a new dialog box is displayed.
Having created a group in the previous step, select the group, click Add under Assigned Roles, pick the roles displayed in the dialog, and assign them.
Another example: assigning the Administrator role at group level.
Now we can see that users are synced with the appropriate user groups, as defined in your IDM or HR system, according to the authorization process.
The user groups match exactly in both systems (those from the step above and those from the identity management system maintained by your HR system, or from Azure, Okta, SailPoint or any other system).
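The user, group, role and permission resolution described in this post, together with a check that the group names synced from the identity provider match the groups created in Commissions, shown as an added example that is not part of the original blog or SAP's code. All group, role and permission names are constructed, and treating group matching as an exact string comparison is an assumption.

```python
# Constructed sample data: not exported from a real IAS or Commissions tenant.
ROLE_PERMISSIONS = {            # role -> permissions (hypothetical permission keys)
    "Administrator": {"workflow", "territory_quote", "embedded_analytics"},
    "Sales Rep": {"workflow"},
    "Analyst": {"embedded_analytics"},
}
GROUP_ROLES = {                 # group created in Commissions -> assigned roles
    "COMM_ADMIN": {"Administrator"},
    "COMM_SALES": {"Sales Rep"},
    "COMM_ANALYST": {"Analyst"},
}
IDP_USER_GROUPS = {             # user -> groups synced top-down from the IdP
    "alice": {"COMM_ADMIN"},
    "bob": {"COMM_SALES", "COMM_ANALYST"},
    "carol": {"comm_sales "},   # case/whitespace drift: no exact match
    "dave": {"HR_ONLY"},        # group never created in Commissions
}

def effective_permissions(user):
    """Union of permissions from the roles of every group that matches exactly."""
    perms = set()
    for group in IDP_USER_GROUPS.get(user, ()):
        for role in GROUP_ROLES.get(group, ()):
            perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def is_allowed(user, resource):
    """Deny by default: allowed only if some assigned role grants the resource."""
    return resource in effective_permissions(user)

def unmatched_groups():
    """IdP groups with no exact counterpart; third field is a near-miss, if any."""
    normalised = {g.strip().upper(): g for g in GROUP_ROLES}
    findings = []
    for user, groups in sorted(IDP_USER_GROUPS.items()):
        for group in sorted(groups - set(GROUP_ROLES)):
            near = normalised.get(group.strip().upper())
            findings.append((user, group, near))
    return findings

if __name__ == "__main__":
    for user, group, near in unmatched_groups():
        hint = f" (did you mean {near!r}?)" if near else ""
        print(f"{user}: IdP group {group!r} has no match{hint}")
```

A user whose only group fails to match ends up with no permissions at all, so running a check like this after each sync surfaces naming drift before it shows up as an access ticket.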