Overall logical architecture for SAP Integration
The SAP Queries document contains a few queries for Accounts and Roles vs TCodes. But some organizations expect a more granular visibility into SAP, including Profiles and Authorizations.
I created additional collectors and queries, based on the SAP security model (see presentation attached).
The attached metadata export includes collectors created with 6.9
If SAP HR is needed as an IDC, you can ask the SAP administrator to use Ad-hoc query to generate the CSV extract:
You can export the above result to a file.
For the generation of the CSV extracts for the collectors, or alternatively for creating views or allowing a database direct connection, many tables need to be queried. It is possible to go through the SAP GUI and use SE16 to be able to retrieve the needed tables/files.
Of the tables in the above document, we need:
UST04 | User profiles (multiple rows per user) |
USR10 | Authorisation profiles (i.e. &_SAP_ALL) |
UST10C | Composit profiles (i.e. profile has sub profile) |
AGR_AGRS | Roles in Composite Roles |
AGR_DEFINE | Role definition |
AGR_PROF | Profile name for role |
AGR_USERS | Assignment of roles to users |
| AGR_ATTS | Roles Attributes |
| AGR_TCODES | TCodes for Roles |
Test data IDES(IDES-CSV.zip) Copy to /home/oracle/SAP
Screenshot after collection:
