and more in a single search tool across platforms. Read the announcement here. |
11/03/2023 06:28 AM
Hello,
We are working to configure SoD for SAP S4 Hana.
The roles in S4 are configured as follows:
I defined a function in SoD, in which I want to add an object. In the object I want to add a SAP Role, not the TCODE. Is this supported in Saviynt?
Can I have role-based SoD, instead of transaction (TCODE) based SoD?
I tried to add a SAP Role, e.g., ZC:Accountant_Example, but it is not found. If I try to add the TCODE that is inside the SAP Role, I am able to find it.
Thanks in advance for your help.
Mihaela
11/03/2023 07:07 AM
Hi @Miha
Non-SAP ruleset allows you to perform SOD evaluation based on entitlements.
SAP ruleset allows you to perform SOD evaluation for SAP systems based on SAP entitlements (Tcodes).
For SAP functions, you have to select Tcode only.
Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.
11/03/2023 08:35 AM
Hey @Dhruv_S ,
Thanks for the quick answer!
So if I use Saviynt Function Type SAP, I can only use TCODES in the function objects.
If I want to use SAP Roles (entitlements), instead of TCODES, I need to select non-SAP Saviynt Function Type, I understand correctly?
Thank you,
Mihaela
11/03/2023 10:13 AM - edited 11/03/2023 10:14 AM
@Miha You have to use Saviynt function type as SAP as you are using SAP s4 Hana application.
SAProles also TCODES.
To perform SOD evalution we use entitlements in Non-SAP system.
To perform SOD evalution we use TCODES in SAP or SAP GROUP system.
Creating Functions (saviyntcloud.com)
11/03/2023 07:35 PM
Functions are logical grouping of entitlements (access) that defines a user’s ability to perform business tasks. EIC enables you to manage the business function definition as a conditioned group with multiple entitlements. Entitlements can be logically grouped within a function by using conditional operators.
For SAPGROUP rulesets, following are the prerequisites:
After uploading a ruleset, if you add or remove any endpoints associated to an organization, you must upload the ruleset again for the changes to reflect.
|
11/05/2023 08:39 PM
Hi @Miha
You have to use T codes for SAP/SAPGroup functions. Since your application is SAP S4HANA application, you should not use Non-SAP function also.
Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.
11/06/2023 01:29 AM
@Dhruv_S thanks for the answer.
I am using SAP Function, as my application is SAP S4 Hana, but i want to add SAP Roles, not T codes in the objects... I want the SoD to be evaluated on parent entitlement, which are SAP roles, instead of T codes. Is that possible or not? Is some additional license required?
Thanks,
Miha
11/06/2023 02:22 AM
11/07/2023 07:53 AM
Hi @Miha
Thanks for your patience. We checked internally with our team on this issue and got the below solution.
If you want to use the SAP Roles instead of T codes, you can use the non-sap function type and add the sap roles as entitlements. It is supported by Saviynt.
Please test the scenario with Non-SAP function and let us know if you have any further questions on this.
Regards,
Dhruv Sharma
If this reply answered your question, please accept it as Solution to help others who may have a similar problem.