GRC Exercises Workflow Config

7/29/2019 GRC Exercises Workflow Config

1/31

SAP NETWEAVER IDENTI TY

MAN AGEMENT 7.1 - WORK FLOW

CONFIGURATION

SCI261Exercises / Solutions

Kre Indry, Product Expert, SAP NW IdMMatt Kangas, SAP Technology RIG AmericasNghia Nguyen, SAP Technology RIG AmericasOliver Nocon, SAP Technology RIG EMEA


2/31

2


3/31

3

Exercise 1: Configuring Search and Display Tasks

Configure Settings for Search and Display of Users

Open the Identity Management MMC

Browse to folder SAP NW IDM Identity stores Enterprise People Create new Folder SCI261

Browse to folder SAP NW IDM Identity stores Enterprise People SAP Provisioning Framework Web EnabledTasks Identity Management


4/31

4

Copy task Change Own Data and store it in newly created folder SCI261 as Search User (hint: right-click to copyand paste)

Inspect the task Search User

Copy task Search User and store it as Display User

Inspect the task Display User and add attribute DESCRIPTION


5/31

5

Save your settings

Browse to the entry type MX_PERSON

Open the properties of MX_PERSON


6/31

6

Adapt the setting for Display task and Search task on the tab General

For Display task select the task Display User

For Search task select the task Search User


7/31

7

Verify your settings

Save your settings:


8/31

8

Inspect the Result in the End User Interface

Open the Identity Management UI in the browser by navigating to http://localhost:50000/idm

Log in with

User: Teched (xx = number 1-30)

Password: abcd1234

Browse to the tab Manage

Click on Advanced search this will show you the attributes as configured in your Search User task

Search for users


9/31

9

Select any search result

Inspect the details screen below your search result this will show the attributes as configured in your DisplayUser task


10/31

10

Ex erc ise 2: Cust omize Dat a for Search Resul t

Configure User Attributes to be Displayed in the Search Result Screen

Go back to your Identity Management MMC

Browse to the entry type MX_PERSON

Open the properties of MX_PERSON

Open tab Attributes

Change the settings of the column List for a selected set of attributes

Save your settings:

Inspect the Result in the End User User Interface



11/31

11

Log in with


Password: abcd1234

Browse to the tab Manage

Search for user

Inspect the set of attributes of the search result this will match the set of attributes where the list option has beenactivated (as configured above)Hint: Add the parameter NoCache to the url in order to invalidate the cache in case the changes do not take effectas expected:Example: http://localhost:50000/webdynpro/dispatcher/sap.com/tc~idm~wd~workflow/Idm?NoCache


12/31

12

Ex erc ise 3: Creat e UI Task Change User Prof i le

Goal of this exercise

Create a Change User Profile task which looks as follows

Create a new display task Change User Profile


Browse to folder SAP NW IDM Identity stores Enterprise People SCI261


13/31

13

Create a new Ordered task group and name it Change User Profile

Configure the layout of the task on tab Attributes

Select Entry type MX_PERSON


14/31

14

Following attributes should be displayed (hint: after selecting attributes, pressing Apply moves them to the top of the

list) (hint: Attributes can be moved in the list by selecting them and pressing the Up or Down keys).

ATTRIBUTENAME MANDATORY

MSKEYVALUE yes

DISPLAYNAME yes

MX_FIRSTNAME

MX_LASTNAME

MX_ADDRESS_STREETADDRESS

MX_ADDRESS_CITY

MX_ADDRESS_COUNTRY

MX_MAIL_PRIMARY

MX_MAIL_ADDITIONAL

MX_PHONE_PRIMARY

MX_PHONE_ADDITIONAL


15/31

15

Add a tab before MSKEYVALUE and after MX_PHONE_ADDITIONAL by using the context menu

Name the first tab Personal Data

Name the second tab Account Information

Add a section before MX_MAIL_PRIMARY by using the context menu and name it Communication Data


16/31

16

Save your configuration

Your end result should look as follows:


17/31

17

Configure the access control settings of the task Change User Profile

Navigate to the tab Access control of your task

Allow a user Teched (xx = number 1-30) to maintain data of every user in the system


18/31

18

Allow all users to maintain the profile for themselves (self-service)

The result should look as follows:

Save your task settings

Execute the Change User Profile Task



19/31

19

Log in with


Password: abcd1234

On the Self Services tab select your task, verify the layout and change some user information

Ex erc ise 4: Role Ow ner Approval

Workflow ApprovalFirst, a role must be created and assigned a workflow for approval.


20/31

20

Go back to the Identity Management MMC. Navigate to Identity Stores Enterprise People SCI262 CreateBusiness Role (new) Set Approval Framework Task Set Approval Framework Task Set Approval FrameworkTask

On the Destination tab change the Identity Store to Self

Press Apply to save


Log in with

User: Teched (xx = number 1-30)Password: abcd1234

Navigate to the Manage tab.


21/31

21

Create new role. Change type to Role and select Create...

Navigate to Create Business Role and select Choose Task

Give your role a name (Role ID and Display Name) and set the Workflow type for assignment to Owner Approval

Assign an owner to the role. The role owner will be the approver in this workflow. In the Entry Owner sectionsearch for users

Select a user as the Role Owner (Teched (xx = number 1-30)) and press Add


22/31

22

Press Create to save your entry

Now the role needs to be added to a user. Browse to the tab Manage

Search for user

Select a user (Teched (xx = number 1-30)) and press Choose Task


23/31

23

Select Web Enabled Tasks Identity Management Change Identity and press Choose Task

Give the user a last name. In the Assigned Roles section press Search to find your newly created role

Select the role and press Add to assign it to your user

Save your entry


24/31

24

Log out your current user and log in with the user assigned as the role owner. Navigate to the To Do tab. Selectthe request awaiting approval and press Show Request

Approve the request

You can now verify the status of the role assignment. Browse to the tab Manage


25/31

25

Search for user

Select the user you assigned the role to and press Choose Task

Select Web Enabled Tasks Identity Management Change Identity and press Choose Task

By clicking on the status OK you will get further details about the approval flow of the request:


26/31

26


27/31

27

OPTIONAL

Ex erc ise 5: Cust omize the Present at ion Set t ings of Change

User Prof i le Task

Adapt the Presentation of your Task


Open the task Change User Profile

Go to tab Presentation


28/31

28

Change the display name

Add a help url pointing to e.g. http://help.sap.com

Add a task header

Add a task description
http://help.sap.com/http://help.sap.com/


29/31

29

Add a text for the submit button

Add a text for the confirmation message

Save your task settings

Execute the Change User Profile Task Again


Hint: Add the parameter NoCache to the url in order to invalidate the cache in case the changes do not take effectas expected:Example: http://localhost:50000/webdynpro/dispatcher/sap.com/tc~idm~wd~workflow/Idm?NoCache

Log in with

User: Teched ( = number 1-30)

Password: abcd1234

On the Self Services tab select your task, verify the presentation settings of your task


30/31

30


31/31

2010 SAP AG. All rights reserved.SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, and other SAP products and servicesmentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and othercountries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius,and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registeredtrademarks of Business Objects Software Ltd. in the United States and in other countries.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this documentserves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAPGroup") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errorsor omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth inthe express warranty statements accompanying such products and services, if any. Nothing herein should be construed asconstituting an additional warranty.

Documents

GRC Exercises Workflow Config