What is Role Designer in SAP IAG?
SAP Cloud Identity Access Governance, role design service is a cloud solution for creating, optimizing, and maintaining business roles for on-premises and cloud source systems.
This service provides integrated processes for designing and managing business roles. It reduces complexity in managing access for business applications.
It also ensures that users have optimized access assignments. Refer to the diagram for an illustration of this functionality.
Role Designer helps in simulate and optimize the business role content against SoD and Critical access violations so that the business role does not contain any inherent access risks.
What is Business Role & Candidate Role?
Business roles are groups of technical application authorizations by job function, user type or organization. The purpose of a business role is to make managing access more efficient by congregating different access types into one object that you can assign to a user.
A business role is typically associated with a job function or business process. An example for business roles is Accounts Payable team & Accounts Receivables team. Below are the various options in creating & managing business role and their use in access request form.
Option (A) – Creation of Direct business role and using in SAP IAG
1. Select business role tile under role designer.
2. Then Select Approvers & Coordinators (needs to be maintained in IAS with specific user group and mapping in BTP role collection)
3. Select the access (can be from one system or multiple system – example ARIBA and S4 in this context)
Option (B)– Creation of business role through Candidate Role and using in SAP IAG
1. Create the proposal for candidate role using the below tile to schedule the proposal job.
2. The candidate roles can be converted into business role by using the refinement workflow process-
Option (C)– Using Business role created in SAP GRC AC
1. The role which are available in SAP GRC system can be synced with SAP IAG system using the job scheduler with below variant.
Conclusion– Irrespective of which options we select in creating the business role, the same can be used in ARM in IAG or ARM in IAG bridge.
DataNub Technologies Business consultation and implementation aid customers in better understanding the business and its workflow, which minimize interruptions in the flow of business. With the help of our technical support team, we also make sure that the clients have a sufficient understanding of the business workflow.