Click here to load reader

SAP NetWeaver Identity Management Identity Center Tutorial - Working ...a248.g. · PDF fileSAP NetWeaver® Identity Management Identity Center Tutorial - Working with roles and privileges

  • View
    221

  • Download
    0

Embed Size (px)

Text of SAP NetWeaver Identity Management Identity Center Tutorial - Working ...a248.g. · PDF fileSAP...

  • SAP NetWeaver Identity Management

    Identity Center

    Tutorial - Working with roles and privileges

    Version 7.2 Rev 1

  • Copyright 2011 SAP AG. All rights reserved.

    No part of this publication may be reproduced or transmitted in any form or for any purpose without the expresspermission of SAP AG. The information contained herein may be changed without prior notice.

    Some software products marketed by SAP AG and its distributors contain proprietary software components of othersoftware vendors.

    Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

    IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10,System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400,S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5,POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect,RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli andInformix are trademarks or registered trademarks of IBM Corporation.

    Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

    Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of AdobeSystems Incorporated in the United States and/or other countries.

    Oracle is a registered trademark of Oracle Corporation.

    UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

    Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registeredtrademarks of Citrix Systems, Inc.

    HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium,Massachusetts Institute of Technology.

    Java is a registered trademark of Sun Microsystems, Inc.

    JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented andimplemented by Netscape.

    SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products andservices mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG inGermany and other countries.

    Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, WebIntelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respectivelogos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries.Business Objects is an SAP company.

    All other product and service names mentioned are the trademarks of their respective companies. Data contained in thisdocument serves informational purposes only. National product specifications may vary.

    These materials are subject to change without notice. These materials are provided by SAP AG and its affiliatedcompanies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAPGroup shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Groupproducts and services are those that are set forth in the express warranty statements accompanying such products andservices, if any. Nothing herein should be construed as constituting an additional warranty.

    Page 3 of 96

  • i

    Copyright 2011 SAP AG. All rights reserved.

    Preface

    The productSAP NetWeaver Identity Center is a high-end identity management solution, capable ofhandling a large amount of repositories containing an unlimited amount of information. TheIdentity Center offers a robust, flexible and scalable high-availability solution for workflow,provisioning, data synchronization and joining for a large number of data repositories. TheIdentity Center provides a framework for a number of jobs.

    The readerThis manual is written for people who need an introduction to the SAP NetWeaver IdentityManagement User Interface and the managing of roles and privileges.

    PrerequisitesTo get the most benefit from this manual, you should have the following knowledge:

    General knowledge about the Identity Center and job definitions for instance as described inSAP NetWeaver Identity Management Identity Center Initial Configuration and SAPNetWeaver Identity Management Identity Center Tutorial: Basic Synchronization.

    General knowledge about provisioning and task definitions as described in SAP NetWeaverIdentity Management Identity Center Tutorial Provisioning.

    Knowledge of Microsoft SQL Server or Oracle.

    The following software is required:

    SAP NetWeaver Identity Management Identity Center version 7.2 or newer must becorrectly installed and licensed.

    SAP NetWeaver Identity Management User Interface must be installed and configured forthis Identity Center and identity store (according to SAP NetWeaver Identity ManagementIdentity Center: Installing the Identity Management User Interface).

    An Identity Center where at least one dispatcher has been configured and is running.

    The data source used in this tutorial (hr.csv) is stored together with this document on theSAP Developer Network, SDN (https://www.sdn.sap.com/).

    The manualThe manual is a tutorial giving an introduction to the privileges, roles and workflow functions ofthe Identity Center.

    This tutorial is not a substitution for training.

    Person names used in this tutorial are fictional.

    https://www.sdn.sap.com/

  • ii

    Copyright 2011 SAP AG. All rights reserved.

    Related documentsYou can find useful information in the following documents:

    SAP NetWeaver Identity Management Identity Center: Installation overview

    SAP NetWeaver Identity Management Identity Center: Installing the database (MicrosoftSQL Server/Oracle)

    SAP NetWeaver Identity Management Identity Center: Installing the Identity ManagementUser Interface

    SAP NetWeaver Identity Management Identity Center Initial Configuration

    SAP NetWeaver Identity Management Identity Center Tutorial: Basic Synchronization

    SAP NetWeaver Identity Management Identity Center Tutorial Provisioning

    For information on SAP NetWeaver see http://help.sap.com.

    Page 5 of 96

    http://help.sap.com/

  • iii

    Copyright 2011 SAP AG. All rights reserved.

    Table of contentsIntroduction .................................................................................................................................. 1

    Roles and role-based provisioning ......................................................................................................... 1The identity store .................................................................................................................................. 2Identity Management User Interface...................................................................................................... 3Access control on tasks ......................................................................................................................... 3Use case ............................................................................................................................................... 4Tasks, roles and privileges .................................................................................................................... 5The data source ..................................................................................................................................... 7The data flow and the task structure ...................................................................................................... 8Preparations .......................................................................................................................................... 8Section overview ................................................................................................................................ 12

    Section 1: Building the identity store ......................................................................................... 13Disabling automatic attribute creation ................................................................................................. 13Defining a repository definition for the data source ............................................................................. 14Reading the source data into the identity store ..................................................................................... 16Verifying the contents of the identity store .......................................................................................... 22Enabling the delta ............................................................................................................................... 24

    Section 2: Creating the privileges ............................................................................................... 26Creating folder for privileges .............................................................................................................. 26Defining repository definition for folder .............................................................................................. 27Creating the privileges ........................................................................................................................ 29

    Section 3: Creating the User Interface tasks .............................................................................. 30Creating the folder .............................................................................................................................. 30Adding the User Interface tasks ........