3.2 Implementing User Self Service for SAP Authorization Requests

To reduce help desk calls and the amount of time required to grant resources, you can use the Role Mapping Administrator and the Roles Based Provisioning Module to allow users to request access to certain SAP authorizations.

After the following procedures are completed, users can log into the Roles Based Provisioning Module and request access to the SAP Portal, then automatically receive access after the request is issued.

To create a SAP Self Service role:

  1. Launch Designer, and verify that your project is current.

    To verify that your project is current, see Using the Compare Feature When Importing in the Designer 3.0.1 for Identity Manager 3.6 Administration Guide.

  2. In the Designer toolbar, click Window > Show View > Provisioning to display the Provisioning view.

    By default, the Provisioning view is displayed in the lower left corner of Designer.

  3. In the Provisioning view, click User Application > Role Catalog > Roles > Business Role.

  4. Right-click the Business Role, then click New.

  5. Use the following information to create the role:

    Identifier: Specify a unique name for the role. In this example the role name is SAP Self Service. The Display Name and Description are populated with this name.

    Category: Select the Default category.

    Trustees: Add the container that holds your user objects as a trustee of this role. When a user logs in to the Roles Based Provisioning Module, this role is displayed for them to access.

  6. Click Finish to create the role.

  7. Click the Advanced Options tab at the bottom of the new role.

  8. Select None under the Approval Details section.

    When a user logs in to the Roles Based Provisioning Module and requests the SAP Portal resource, it is automatically granted to them.

  9. Click the Save icon in the toolbar to save the change.

  10. Right-click the User Application driver in the Provisioning view, then click Live > Deploy to deploy the new role to the Identity Vault.

To map the Self Service role to the SAP Portal Access:

  1. Log in to the Role Mapping Administrator.

  2. Select the SAP Self Service role.

  3. Access the SAP Portal System in the Authorizations panel.

  4. Select the roles in the SAP Portal that grant a user access to the resource and drag and drop them into the Mapping panel.

  5. Click Apply to save and deploy the changes.

The Self Service role is mapped to the SAP Portal authorization, which is now available for users to request through the Roles Based Provisioning Module. When the users request this access, they are automatically granted access to the SAP Portal because of the role mapping.