AnsweredAssumed Answered

How to apply SoD rule on SAP finest grains ?

Question asked by Baptiste DELIGNY on Feb 6, 2017
Latest reply on Feb 7, 2017 by Baptiste DELIGNY
  • Comment2

Hello,

I am looking for a way to collect all the elements of the SAP permissions chain :

  • Transaction
  • Transaction code
  • Object
  • Object Field
  • Object Field's Value

 

You will find, attached to this post, a schematic of the SAP data model I am talking about.

 

 

In order to apply SoD rules on the Object Field's Value.

Did someone ever do it ?

 

We were thinking of this mapping :

  • Transaction Code = > Application Role
  • Object = > entitlements
  • Object fields & object field's values => custom entitlement's attributes

But since we do not know in advance how many object Fields an object has, nor how many  values it contains, this seems inefficient.

 

How do you recommend we use, or expand, the RSA data model to store these informations ?

 

Thank you for your time and response,

Kind Regards,

 

Baptiste Deligny

Boris Lekumovich
Boris Lekumovich Employee Feb 6, 2017 7:30 PM
Correct Answer

As far as I now, SAP has potentially thousands of granular entitlements.

How many SOD rules do you expect to create?

 

In your scenario, are users being granted with SAP granular entitlements or only with SAP roles?

See the reply in context

Attachments

1 person had this question

Outcomes

    Visibility: RSA Identity Governance & Lifecycle216 Views
    Last modified on Feb 6, 2017 11:30 AM
    Tags:
    Categories: Data CollectionRole ManagementRules
    Ratings: