Professional Documents
Culture Documents
SAP IdM Documentation Template
SAP IdM Documentation Template
com
1 INTRODUCTION............................................................................................................................................4
1.1 Purpose and Scope............................................................................................................................................4
1.2 Generic Rules....................................................................................................................................................4
1.2.1 Rules for new functions......................................................................................................................................4
1.2.2 Workflow diagrams............................................................................................................................................4
1.3 Naming Convention..........................................................................................................................................4
1.4 Relationship to other documents.....................................................................................................................4
1.5 ACL internal IdM roles....................................................................................................................................4
2 ARCHITECTURE (D, Q, P)............................................................................................................................5
3 DATA FLOW (ATTRIBUTES)......................................................................................................................6
4 GENERIC CONFIGURATION......................................................................................................................7
4.1 Operative Handling..........................................................................................................................................7
4.1.1 Transport of configuration..................................................................................................................................7
4.1.2 Creation of new repositories...............................................................................................................................7
4.1.3 Specific customization in productive environment............................................................................................7
4.2 Dispatcher..........................................................................................................................................................7
4.3 Structure of IdM Configuration......................................................................................................................7
4.3.1 Identity Store.......................................................................................................................................................7
4.3.2 Job Folder...........................................................................................................................................................7
4.4 Configuration....................................................................................................................................................7
4.4.1 No Master Tasks.................................................................................................................................................7
4.4.2 Event Tasks.........................................................................................................................................................7
4.4.3 Attribute Eventing...............................................................................................................................................7
4.5 Provisioning Framework..................................................................................................................................8
4.5.1 CORE Tasks.......................................................................................................................................................8
4.6 CONNECTORS................................................................................................................................................8
4.6.1 ABAP..................................................................................................................................................................8
4.6.2 JAVA................................................................................................................................................................11
4.6.3 ADS..................................................................................................................................................................11
4.6.4 HANA...............................................................................................................................................................11
4.7 GRC Framework............................................................................................................................................11
4.7.1 AC Validation...................................................................................................................................................11
4.7.2 AC Polling........................................................................................................................................................11
4.8 Jobs...................................................................................................................................................................12
4.8.1 Initial Load Jobs................................................................................................................................................12
4.8.2 Update Jobs.......................................................................................................................................................12
4.8.3 Other Jobs.........................................................................................................................................................12
4.9 Other Jobs.......................................................................................................................................................12
4.9.1 Notification Jobs...............................................................................................................................................12
4.9.2 General Jobs......................................................................................................................................................12
5 USE CASES.....................................................................................................................................................13
5.1 User creation...................................................................................................................................................13
5.2 Self Service.......................................................................................................................................................13
1 INTRODUCTION
Location of task:
4.4.1.2 Relevant custom attributes, constants, scripts, variables, entry types
Custom scripts:
4.4.2 Event Tasks
Every repository uses the following event tasks:
MX_ADD_MEMBER_TASK
MX_DEL_MEMBER_TASK
MX_MODIFYTASK
4.4.3 Attribute Eventing
4.4.3.1 Add/Delete Event on Attribute CUSTOMER_<RepName>_ACCOUNT
4.4.3.1.1 Description
Name of the task:
Handle_CUSTOMER_XXX_ACCOUNT
4.4.3.1.2 Workflow
1. Event on attribute CUSTOMER_<RepName>_ACCOUNT
2. Event Task Handle_CUSTOMER_ACCOUNT
3. Check Repository Type
4. Check User Exists (Source IdM)
5. Assign Account Privilege
Custom attributes:
Custom Scripts:
4.5 Provisioning Framework
4.5.1 CORE Tasks
4.5.1.1 Provisioning
Name of task:
Provisioning
Location of task:
Usage of the modified standard provision task which is set at the repository constant
MX_ADD_MEMBER_TASK and inherit to the account privilege. The modification
concerns to set the account attribute.
4.5.1.2 Deprovisioning
4.5.1.2.1 Description
Name of task:
Deprovisioning
Location of task:
4.5.1.3 Modify
4.5.1.3.1 Description
Name of task:
Modify
Location of task:
4.6 CONNECTORS
4.6.1 ABAP
4.6.1.1 MX_HOOK1_TASK Create ABAP User
4.6.1.1.1 Description
Name of task:
1. Create ABAP User
Location of task:
This plugin task is responsible for modification of ABAP User and is linked at an ABAP repository
Custom Scripts:
Custom attributes:
Global Constants:
4.6.1.2.1 Description
Name of task:
2. Modify ABAP User
Location of task:
This plugin task is responsible for modification of ABAP User and is linked at an ABAP repository.
4.6.1.2.2 Relevant custom attributes, constants, scripts, variables, entry types
Custom Scripts:
Custom attributes:
Global Constants:
4.6.1.3.1 Description
Name of task:
3. Deactivate ABAP User
Location of task:
This plugin is responsible for deletion of ABAP User. This implementation doesn´t use the standard and don´t delete the
user in backend and delete repository specific attributes.
Custom attributes:
4.6.1.4.1 Description
Name of task:
4. Assign User Membership to ABAP
Location of task:
This plugin task is responsible for assign ABAP roles or privileges to users with or without delta provisioning related of
the ABAP version.
4.6.1.4.2 Workflow
Custom Scripts:
Repository Constants:
4.6.1.5.1 Description
Name of task:
5. Revoke User Membership to ABAP
Location of task:
This plugin task is responsible for assign ABAP roles or privileges to users with or without delta provisioning related to
the ABAP version.
Custom Scripts:
Repository Constants:
4.6.1.6 MX_HOOK6_TASK_Enable_ABAP_User
4.6.1.6.1 Description
Name of task:
6. Enable_ABAP_User
Location of task:
This plugin task is responsible for enable the user at ABAP Backend and use a repository specific attribute.
Custom Scripts:
Custom attributes:
4.6.1.7.1 Description
Name of task:
7. Disable ABAP User
Location of task:
This plugin task is responsible for disable the user at ABAP Backend and use a repository specific attribute.
Custom Scripts:
Custom attributes:
4.6.1.8.1 Description
Name of task:
8. Set ABAP User password
Location of task:
This plugin task is responsible for sets a new initial password, remove the password lock and unlock the user.
Custom Scripts:
4.6.2 JAVA
4.6.3 ADS
4.6.4 HANA
4.7 GRC Framework
The standard configuration of the GRC integration is implemented and is extended for different features.
4.7.1 AC Validation
4.7.1.1 Description
Name of task:
AC Validation
Location of task:
4.7.1.2 Workflow
Custom Scripts:
Custom Attributes:
Custom Stored Procedures:
Global Constants:
4.7.2 AC Polling
4.7.2.1 Description
Name of task:
AC Polling
Location of task:
4.7.2.2 Workflow
Custom Scripts:
4.8 Jobs
4.8.1 Initial Load Jobs
4.8.2 Update Jobs
4.8.3 Other Jobs
4.9 Other Jobs
4.9.1 Notification Jobs
4.9.2 General Jobs
5 Use Cases