and more in a single search tool across platforms. Read the announcement here. |
04/12/2022 01:21 PM
Hello All,
We are doing requirements gathering for S4 HANA for IGA (provisioning <account on S4 HANA - create, update, disabled, activate, delete>, access assignment via ARS, SoD and import of account and entitlements of S4 HANA onto Saviynt). The documentation on S4 HANA connector documentation says, we can use the DB connector and has details of create account JSON, but it mentions only a function/procedure name for assign and revoke access. Here is the assign Access json from the connector guide:
{
"HANA_Role" : ["CALL GRANT_ACTIVATED_ROLE ('${task.entitlement_valueKey.entitlement_value}',
'${accountName.toUpperCase()}')"]
}
I am looking for the following:
1. Is the DB connector sufficient enough to do provisioning, access assignment and import on S4 HANA?
2. Do we also need a JCO connector along with DB connector?
3. If anyone has implemented this connector, can you share sample JSONs or details around how can we implement provisioning, access assignment and import of account and entitlements into Savyint?
Any responses would be greatly appreciated
Thanks
Sunil Rashinkar
Solved! Go to Solution.
04/12/2022 03:04 PM
Hello Sunil,
SAP HANA and SAP S4 HANA are two different "products".
SAP S4 HANA is still an ABAP based which means you can still use the Saviynt SAP Connector : https://saviynt.freshdesk.com/a/solutions/articles/43000539903
SAP HANA is Database based hence needs a DB based connector of Type HANA : https://saviynt.freshdesk.com/a/solutions/articles/43000529920
Regards,
Avinash Chhetri
04/12/2022 03:04 PM
Thanks Avinash for your response.
I will check with our team on which SAP HANA is getting built.
We did try the SAP HANA SQL console (with my trial version on SAP) to create account, update account, disable account, enable account, delete account, get accounts, get roles, get privileges. But when I check the SAP HANA DB Connector guide screen shots, I see there are total 14 entitlements and I am able to see only 9 from the screen shots. Where can I get the complete list:
1. PROFILES
2. HANA_Rrole
3. Hana_Schema
4. Hana_Table
5. Analytical_privilege
6. System_Privilege
7. Package_Privilege
8. Application_Privilege
9. HANA_View
10. ??
11. ??
12. ??
13. ??
14. ??
Another question I have is, do we have to manage access assignment and revoke on all the above 14 entitlements?
Tks
Sunil
04/12/2022 03:04 PM
Hello Sunil,
I am not aware of the 14 entitlement types but the ones I know of are listed below.
Perhaps, what entitlement types needs to be managed in SAP HANA is something that the Project Team should be able to tell you.
I do not have a first hand knowledge on the subject matter and will leave it to the SME's in the community who has tackled it before.
Regards,
Avinash Chhetri
04/12/2022 03:05 PM
I see the following are not present in your list of 11 entitlement types:
Profiles
Object_Privilege
Attached image is from the SAP HANA DB connector guide on Freshdesk that shows 14 different types of entitlements.
My next step is to create SQL queries to retrieve each of them. I have SQL queries that gives me these entitlements form the HANA DB except for the following:
Profiles
Procedure
Packages
Do you have the queries for these?
The next set of questions I have are....
Does the SAP Role on HANA DB comprise of the 5 types of privileges (Analytical, System, Application, Package & Object) ? Or are these privileges separate and can be assigned to the user's account on SAP HANA DB? OR how are these roles associated with privileges. When I click on any role, I can see privileges under it and also I can assign privileges to the user's account on SAP HANA DB.
Appreciate all your responses so far
Thanks
Sunil Rashinkar