SAP - Role Assignment Management

The What-if analysis for Role Assignment helps you determine the impact of assigning new roles to users or revoking existing roles before making these changes in your SAP system.

To create a What-if analysis for Role Assignment Management:

  1. Provide details on the following panels:
  2. Click Analyze. The completed What-if analysis will be displayed on the What-if Analysis home page. Click the What-if link to drill down to details of violations generated and take further action.

If Access Manager for SAP is installed on your server, you will be able to generate a Role Assignment Management type of request from this type of What-if analysis:

  • If the What-If analysis does not generate violations you can create a request either from the What-if home page or from the Violation Details page.
  • If the What-If analysis generates violations, you can create a request only from the Violation Details page.

Verify on Demand

The Verify on Demand feature gives you the option of refreshing the current status of a user in SAP immediately before performing a What-if analysis instead of using previously extracted data. This is critical if a situation demands accurate point-in-time information. All data pertaining to the user selected is extracted including roles, profiles, authorizations and attributes. To enable this feature, select the check box Analyze on live data.

Access to Verify on Demand is limited to the users assigned the Live Verify User role. The Live Verify role consists of additional privileges the user requires in SAP.

Data updated by a Live Verify analysis : The following data is updated when a Live Verify analysis is performed:

  • In case of generated profiles, Live Verify checks for the last scheduled extraction. If extract generated profile is 'on'-generated profiles will be extracted. (By default extract generated profile is set to 'off') .
  • If  roles are deleted from SAP or if users are locked or have expired in SAP , Live Verify will stop processing by displaying a message and the What If Analysis will be marked failed
  • Live Verify will not extract HR data, but will retain previous HR data
  • Live Verify will not be enabled in case of BIF and non-SAP AI connections
Note: A role assignment limits rule format will not generate violations for a role assignment management What-if as only one user can be analyzed at a time.