Versions Compared

Old Version 6

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The EmpowerID SAP S/4HANA connector lets you create, synchronize, and manage SAP S/4HANA user, role/profile and role/profile assignment information in EmpowerID. Imported user information can be managed and synchronized with data in any connected back-end user directories. When EmpowerID inventories SAP S/4HANA, it creates an account in the EmpowerID Identity Warehouse for each SAP S/4HANA user, a group for each SAP S/4HANA role or profile , and assigns group membership to users based on their role or profile memberships in SAP S/4HANA.

...

  • Inventories all SAP modules from the TDEVC table and stores them in the ResourceSystemModule table in EmpowerID

  • Inventories SAP transaction codes from the TSTC table and stores this information in the AzLocalRights table in EmpowerID along with the relation between the transaction codes and the SAP modules.

  • Inventories the relationship between roles/profiles and TCODES and stores this information in the AzAssigneeLocalRightScope table in EmpowerID

SAP Authorization Object and FieldTypes Inventory

  • Inventories SAP authorization objects from the TOBJ table and stores that information in the AzLocalRights table in EmpowerID with AzLocalRightTypeID of 7

  • Inventories SAP FieldTypes from the AUTHX table and stores that information in the AzFieldType table of EmpowerID

  • Inventories the relationship between authorization objects and fieldtypes and stores that information in the AzGlobalRightFieldType table of EmpowerID

  • Inventories the relationship between SAP single role to authorization object from the AGR_1251 table in SAP and stores that information in the AzAssigneeLocalRightScope table in EmpowerID

  • Inventories the relationship between SAP transaction codes and authorization objects from the USOBX_C table in SAP and stores that information in the AzGlobalRightRelatedRight table in EmpowerID

  • Inventories the relationship between Role > AuthObject > FieldType > Low and High values from the AGR_1251 and AGR_1252 tables and stores that information in the AzAssigneeRightAzGlobalRightFieldType of EmpowerID. The multiple explicit values are stored in the AzAssigneeRightAzGlobalRightFieldTypeValue table of EmpowerID.

Info

Inventory of SAP TCODES and SAP Authorization Objects and its field type values as rights in EmpowerID is optional. The inventory of these objects is controlled by the below system settings:

  • SAPInventorySAPPBAC – This is a Boolean setting that determines whether EmpowerID inventories SAP TCODES AND SAP Authorization data as AzLocalRights. The value must be set to true for EmpowerID to inventory both authorization data and TCODES as local rights.

  • SAPInventorySAPPBACTcodes – This is a Boolean setting that determines whether EmpowerID inventories ONLY SAP TCODES as AzLocalRights.

...

  • The value must be set to true for EmpowerID to inventory TCODES as local rights.

For information on how to configure these settings, please see Configure EmpowerID for SAP PBAC.

Account Attributes

Users in SAP are inventoried as accounts in EmpowerID. The following table shows the attribute mapping of SAP User attributes to EmpowerID Account attributes:

...

To connect EmpowerID to SAP, you need an SAP account, and you need to install SAP GUI Server on your EmpowerID Server.You also need the following from SAP to create your Account Store.

  • Host Name of the BAPI endpoint

  • Username that is authorized to read from and write to the BAPI

  • Password

  • App server FQDN

  • Instance number

  • System ID

...

You can connect EmpowerID to SAP R/3 system two ways:

...