2.4 Creating Roles Based Provisioning Module Roles

The Roles Based Provisioning Module role is used to assign privileges in the connected system. In our solution, it is used to assign access to the SAP Portal as well as to restrict access to finance resources. When a user requests access to the SAP Portal, they are granted access. When a user requests access to a finance resource, their manager has to approve the request.

To create the SAP Self Service role:

  1. Launch Designer, and verify that your project is current.

    To verify that your project is current, see Using the Compare Feature When Importing in the Designer 3.0.1 for Identity Manager 3.6 Administration Guide.

  2. In the Designer toolbar, click Window > Show View > Provisioning to display the Provisioning view.

    By default, the Provisioning view is displayed in the lower left corner of Designer.

  3. In the Provisioning view, click User Application > Role Catalog > Roles > Business Role.

  4. Right-click the Business Role, then click New.

  5. Use the following information to create the role:

    Identifier: Specify a unique name for the role. In this example, the role name is SAP Self Service. The Display Name and Description are populated with this name.

    Category: Select the Default category.

    Trustees: Add the container that holds your user objects as a trustee of this role. When a user logs in to the Roles Based Provisioning Module, this role is displayed for them to access.

  6. Click Finish to create the role.

  7. Click the Advanced Options tab at the bottom of the new role.

  8. Select None under the Approval Details section.

    When a user logs in to the Roles Based Provisioning Module and requests the SAP Portal resource, it is automatically granted to them.

  9. Click the Save icon in the toolbar to save the change.

  10. Right-click the User Application driver in the Provisioning view, then click Live > Deploy to deploy the new role to the Identity Vault.

To create a finance role that requires manager approval, see Section 3.3, Implementing Approval Policies on Roles that Grant SAP Authorizations. Create the role with the name SAP Finance instead of SAP Restricted Resource.