Overall logical architecture for SAP Integration
The SAP Queries document contains a few queries for Accounts and Roles vs TCodes. But some organizations expect a more granular visibility into SAP, including Profiles and Authorizations.
I created additional collectors and queries, based on the SAP security model (see presentation attached).
The attached metadata export includes collectors created with 6.9
If SAP HR is needed as an IDC, you can ask the SAP administrator to use Ad-hoc query to generate the CSV extract:
You can export the above result to a file.
For the generation of the CSV extracts for the collectors, or alternatively for creating views or allowing a database direct connection, many tables need to be queried. It is possible to go through the SAP GUI and use SE16 to be able to retrieve the needed tables/files.
Of the tables in the above document, we need:
User profiles (multiple rows per user)
Authorisation profiles (i.e. &_SAP_ALL)
Composit profiles (i.e. profile has sub profile)
Roles in Composite Roles
Profile name for role
Assignment of roles to users
TCodes for Roles
Test data IDES(IDES-CSV.zip) Copy to /home/oracle/SAP
Screenshot after collection:
- Access Compliance Manager
- blog post
- Identity G&L
- Identity Governance & Lifecycle
- lifecycle and governance
- Product Blog
- Product Blog Post
- RSA Identity
- RSA Identity G&L
- RSA Identity Governance & Lifecycle
- RSA Identity Governance and Lifecycle
- RSA IGL
- tech huddle
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.