msira Respected Contributor.

Unpack SAP Permissions

I'm in 3.5.1

Currently, I have the following permission hierarchy:

Identity I -> SAP Account A -> Activity Group P1 -> TCODE P2.

If I query Identity I, I can see that it has SAP Account A and Activity Group P1. Similarly if I query SAP Account A I can see that it is mapped to Identity I and it contains permission P1. I cannot see P2 unless I query P1.


Is there a way to see if Identity I or SAP Account A is mapped to P2 permission?

In other (hopefully clearer) words: Can I query IG to see which users have which TCODES?
5 Replies

Micro Focus Expert

Re: Unpack SAP Permissions

On 4/17/19 3:06 PM, msira wrote:
>
> I'm in 3.5.1
>
> Currently, I have the following permission hierarchy:
>
> Identity I -> SAP Account A -> Activity Group P1 -> TCODE P2.
>
> If I query Identity I, I can see that it has SAP Account A and
> Activity Group P1. Similarly if I query SAP Account A I can see that it
> is mapped to Identity I and it contains permission P1. I cannot see P2
> unless I query P1.
>
>
> Is there a way to see if Identity I or SAP Account A is mapped to P2
> permission?
>
> In other (hopefully clearer) words: Can I query IG to see which users
> have which TCODES?
>
>

Greetings,
If you have correctly set up your Application Collector then when
you go to the Catalog -> Permission -> %Permission Name% you will be able
to see all Users (Identities) that have the permission.



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
msira Respected Contributor.

Re: Unpack SAP Permissions

stevewdj;2498667 wrote:

Greetings,
If you have correctly set up your Application Collector then when
you go to the Catalog -> Permission -> %Permission Name% you will be able
to see all Users (Identities) that have the permission.


This is true but only for permissions that have one degree of separation.
In my case I can see accounts that have a permission SAP_ROLE.
But I cannot see accounts that have TCODEs, where TCODE is a child permission of SAP_ROLE.



Let me put it into pictures. This is the account SAP_ACCOUNT. I can see that it has (among other permissions) a SAP_ROLE. I cannot see any transactions (also permissions).






If I click the SAP_ROLE permission I can see that it has the subordinate permission TCODE1.





But when I click TCODE1, it shows nothing. No users, no parent permission:



I have redacted the info, but it is taken from an actual SAP System. Not from a CSV.
sosix Trusted Contributor.

Re: Unpack SAP Permissions

Hi,

Any news about this requirement? I have the same problem too and it would be nice to have some answer... please

 

FabianW Regular Contributor.

Re: Unpack SAP Permissions

Fully support this request. I have the same issue with another application. 

It seems like the dependencies from bottom-up are not resolved, neither in the permissions view nor within the business roles. 

For Business Roles, I have put in ROLE_A as a mandatory permission, however some users have an extended "ROLE_A_PLUS" which consists of ROLE_A plus additional permissions. This role is optional within the business role. Unfortunately it's not resolved: for users with role_a_plus, the role_a is still requested if the "auto-grant" is active.

In my opinion this should be possible with an identity governance tool.

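The bottom-up resolution asked for in this thread, as an added example that is not part of any post and does not use an Identity Governance API: it assumes the holder/permission and parent/child permission relationships have been exported as (parent, child) pairs. The sample data is constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from a real system). Each pair is
# (parent, child): the parent holds or contains the child.
EDGES = [
    ("Identity I", "SAP Account A"),
    ("SAP Account A", "Activity Group P1"),
    ("Activity Group P1", "TCODE P2"),
    ("Identity J", "SAP Account B"),
    ("SAP Account B", "ROLE_A_PLUS"),
    ("ROLE_A_PLUS", "ROLE_A"),      # extended role nests the base role
    ("ROLE_A", "TCODE P2"),
    ("ROLE_A_PLUS", "TCODE P3"),
]

def build_children(edges):
    """Index the pairs as parent -> set of direct children."""
    children = defaultdict(set)
    for parent, child in edges:
        children[parent].add(child)
    return children

def effective(node, children):
    """Everything reachable from node at any depth (safe on cycles)."""
    seen, stack = set(), [node]
    while stack:
        for child in children.get(stack.pop(), ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen

def holders(permission, edges, prefix="Identity "):
    """Bottom-up view: identities that reach permission via any chain."""
    children = build_children(edges)
    return sorted(n for n in list(children)
                  if n.startswith(prefix)
                  and permission in effective(n, children))

def missing_mandatory(identity, mandatory, edges):
    """Mandatory permissions not already covered through a nested role."""
    have = effective(identity, build_children(edges))
    return sorted(set(mandatory) - have)

if __name__ == "__main__":
    print(holders("TCODE P2", EDGES))
    print(missing_mandatory("Identity J", ["ROLE_A"], EDGES))
```

With this data, Identity J needs no separate ROLE_A grant because ROLE_A_PLUS already contains it, while Identity I would still be missing ROLE_A.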