UNDERSTANDING SAP NETWEAVER IDENTITY MANAGEMENT PDF
software: • Thorough understanding of the SAP NetWeaver Identity Management. • SAP NetWeaver Identity Management SP5 or newer is correctly installed. Virtual Directory Server - White Paper. Document (PDF). 45 mins (22 pages). September After completing this document, you will be able to understand . SAP NetWeaver® Identity Management (SAP NetWeaver ID Management) component, you can implement centralized administration of your employees' user.
Understanding SAP NetWeaver®. Identity Management. Bonn Boston SAP NetWeaver IdM in the Context of SAP NetWeaver .. 4. Overview of SAP. Master Guide. PUBLIC. Document Version: – SAP NetWeaver Identity Management Master Guide. NetWeaver Identity Management is based on Java technology and is Features of NetWeaver Identity Management and SAP Access Control.
SAP Identity Management Overview
Identity Lifecycle How long does it take for new employees to receive all permissions and become productive in their new job?
Are permissions automatically adjusted if someone is promoted to a new position? How can you remove permissions automatically if employees change their Who has adequate position? How permissions of an employee? And how can you ensure that they were properly removed?

Solution in Detail: Role Management and Workflows. Role Definition and Provisioning. Role Definition (design, one-time task): Read system access information (roles, groups, authorizations, etc.)

Context-Based Role Management: Benefits

- Reduced number of roles
- Reduced complexity
- Sufficient granularity
- Improved data consistency and governance

Example:

From the first day with her new company, she is able to log on to all relevant systems, including access to the employee self-services, and access to SAP CRM to track the marketing activities she is responsible for.

Business Process Driven Identity Management: Position Change. After two years as a marketing specialist, Kim is promoted and takes over personnel and budget responsibility for her marketing team.

On the first day in her new role, she has access to the manager self-services. In her new position, she is responsible for budget approvals for all marketing campaigns - this requires immediate access to SAP ERP to view the marketing costs. The day after her official assignment with the company ends, she is no longer able to access any corporate systems.

Solution in Detail: Compliant Identity Management

- Simplify and automate role assignment
- Reduce risk through compliance checks and remediation
- Automate manual processes through integration with SAP Business Suite

Yes Approve assignments No Requirement: Source and Target Systems.
In principle. In Release 7. In every enterprise. With the exception of job. The runtime components IC runtime constitute the third layer of the IC architecture. The reason is that the SAP Provisioning Framework still includes delivered parts of the instrumentation — for example. Besides the current data stocks. A distributed installation of multiple dispatchers can be useful for load distribution or necessary when considering network issues security.
Among other things. The templates are stored in the file system and can be used for the configuration work in the administration console. Windows and Java. Dispatchers are configured to process queues with jobs. It plays a significant role for various interfaces for example.
Just like the dispatcher. Both dispatchers and event agents can be configured as executable services that can be integrated with the startup sequences of the supported system platforms. A simple example is the monitoring of a file via an event agent that triggers an event as soon as the file has been updated. As described previously. It offers special transformation functions and supports specific protocols. In the standard delivery. Then you can trigger an action in IC that.
- Monitoring the creation.

The Java runtime components use different classes to establish connectivity to the source and target systems. To do this.

- Dynamic determination of the connection data depending on the attributes of the user for instance.

As you can see in Figure 4. Identity Services provide a central and standardized access point via web services and SPML for requesting and administrating identity information for the entire system environment.

- Limitation of available attributes and filtering of the data value set depending on the logon information of the requesting user.

Besides the already-mentioned integrations.

- Mapping and transformation of individual attribute values during access to meet the data formats requirements of various source and target systems.

Only one data source is visible for the requesting application.

- Virtualized access to different data sources.
In addition to the basic functionality for implementing the preceding use cases.

- Combination of attributes of different systems in one request.

For example. By contrast. Chapter 8 provides a detailed description of all of the named components and parts. In the IC database. Within a standard installation. Data and Role Model 4.

- Which object classes are required for this purpose?
- Which attributes belong to these object classes?
- Are attributes maintained in multiple languages or just in one?
- Do the objects relate to one another? Are these relationships 1:
- What information is supposed to be mapped with which level of detail in the identity store.
- Is it sufficient to store information as a value of a specific attribute of an entity.
- Which attributes and objects have control functions in the subsequent request and approval processes?
- Which attributes are leading in which system? Can you determine priorities?
- How should this information be displayed in the UI? Which validations should be used for the attribute values?
- Which sources (connected source and target systems or manual input processes) are leading for the attributes used?
- Which transformations must be implemented if you retrieve data from the sources?
- How long do you need to retain historical data within the framework of the applicable audit requirements in the system?
The list of questions could be continued indefinitely.

- Valid value lists that are stored in one or more languages.

IC ensures the integrity of the data so that a relation between objects is always created.

- Display name in the UI can be maintained in various languages.
- Validation functions in the form of regular expressions (a character string that is used for describing quantities or subsets of character strings using certain syntactic rules).
- Display type in the UI checkbox.

An entry type corresponds to an object class for mapping selected information of the respective entity. Objects that are based on entry types can be related hierarchically.

- Leading systems for this attribute.

These include:

- Data type for saving the attribute value in the identity store.

An attribute has various properties which must be maintained.

- Determination of actions that should be executed when the attribute is created.

You can use these actions. This attribute is unique within the entire identity store and across all entry types and is a mandatory field. In the IC documentation these are referred to as technical roles. Entry type for managing and maintaining address attributes of a company address.
Table 4. In the IC documentation. The attributes of this entry type are based on the company address attributes that are available in the ABAP stack. Java roles. The group membership. This usually involves internal or external employees or business partners. The membership to a dynamic group enables you.
Via the group membership. By means of the cross-system combination of authorization objects from connected systems in business roles.
SP02 and includes a requested. Using the object classes. If such an exclusion is defined. Provisioning Logic and Workflows for individual roles.
SAP NetWeaver Identity Management
An example of this is the mutual exclusion of roles. You can store approval strategies — single level or multilevel with participants that are dynamically specified or determined in roles and processes — by defining different approval tasks see Section 4. Attributes for defining role owners.
In addition to the links shown in the figure. Many projects have the requirement to design the management of authorizations based on rules that automatically assign the authorizations to the corresponding persons. The mapping of the organizational structure in additional data objects is a useful example for implementing further object classes for objects such as organizational units. Through the use of entry types you can map the organizational hierarchy in the identity store using the corresponding relationships and thus — compared to other IdM solutions — create a powerful model for managing authorizations based on the structure that is maintained in the organizational model.
Up to now.

- Workflow control: Evaluation of special attributes at the beginning of approval tasks and strategies.
- Status values: Storage of status values.

Chapter 8 provides details on the relevance of the attributes within the IC authorization concept and for the control of implemented workflows.

- Temporary attributes: Storage of temporary attributes for controlling workflow tasks.

This is done based on the authorization rules of the appropriate workflow components.

- Entry types: Whole entry types — for example.
- Value filtering: Filtering of valid values in selection lists.

The data modeling for reporting also involves answering the questions how long do you need to store specific information in the system and how can you ensure their historization. Besides the synchronization and distribution of essential identity master data.
Using this information. This section describes the basic mechanisms that are available in SAP NetWeaver IdM for the synchronization of data and thus for the development and comparison of the identity store with the connected source and target systems.
This also has the result that different systems initially have a leading nature for individual components of a user master record to be administrated centrally. This also applies to the development of an identity store in SAP NetWeaver IdM and the subsequent distribution of the identity data administrated therein.
Data and Role Model. For the data modeling with regard to reporting you must ultimately make sure that all data is provided for the necessary evaluations in the requested period because all information can be stored in the form of single-value and multivalue attributes in the identity store.
If the historical data is linked with the existing audit data via workflows. In most cases.

- An HR system as the leading data source for personal data.

Lotus Notes or Exchange Server. As was shown in Figure 4. In the created repositories. The following sections describe the concepts that are associated with the data synchronization. A repository thus represents an application that either provides data to SAP NetWeaver IdM within the framework of synchronization of identity data or is the recipient of changed data — or both.
Thanks to this information and the fact that you specify the time of creation or change and the origin in the form of the repository name for each saved attribute in the identity store. The priority control of leading systems for individual attributes. Windows AD. Once the telephone number is imported from the telephone system and hence from the leading system. The synchronization of data both the initial population and the continuous update including defined rules must be supported by the tool used.
You can define them in IC at the attribute level. In addition to the fact that a corresponding technical adapter must be used. Using these technical adapters. In the enterprise infrastructure.
Sun ONE Directory. The best-known representatives are Novell eDirectory. The database adapter thus enables the reading and manipulation of possible tables in the connected database depending on the access rights of the user used.
Shell adapter The shell adapter allows for the execution of command line tools. Using this adapter. The call of stored procedures is also supported. Due to data protection and access limitations to personnel administration systems. File adapter The file adapter enables you to read and write files with field separators or fixed field length.
Section 4. The VDS assumes an important role. Jobs can either be based on delivered and preconfigured job templates or newly created within a project.
Data Synchronization and Provisioning 4.