
The SAP Cloud Identity Access Governance Role Design Service is a cloud solution for creating, optimizing, and maintaining business roles for on-premise and cloud target systems. This service enables integrated processes for designing and managing business roles while reducing complexity in managing access for business applications. It also ensures that users have optimized access assignments.
The Role Designer section in the Launchpad for SAP Cloud Identity Access Governance contains tiles to create business roles, a Role Designer Overview, and tiles to Create Candidate Business Roles and Select Candidate Business Roles. There is also a Role Design Inbox, an app for Role Design Administration, and a Candidate Business Role (CBR) Simulator.
In the first step, roles, groups and authorizations, user access, and usage activity are extracted from the target applications.
A business role is system independent and serves as a virtual container for technical roles. This means the business role does not exist on the individual target systems but only in IAG.
The content of candidate business roles (CBR) is proposed by IAG based on user role assignments on the target systems. The CBR has to undergo a review process before it can be released.

The target system must already be connected to SAP Cloud Identity Access Governance, and you must have upgraded it to one of the supported NetWeaver versions and support packs.
Your SAP BTP Global Account for SAP Cloud Identity Access Governance and the IAS tenant have been created by SAP. You have received the respective tenant account i
Required common master data and the master data specific to the Role Design Service, which includes Projects, should be set up: https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/e0a7486876aa42ae996ebf656be07b95.html?locale=en-US
Business roles are usually created or re-engineered in the context of a project, so a project should be available. You create it with the corresponding app.
Relevant users and user groups are created in the Identity Authentication Service. For more information, refer to the following SAP Help site: https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/d62c01ecdf314eaa8aa73a46ecb9d74f.html
To see which role collections should be assigned to access the Role Design service, refer to the section Role Collections and Associated Roles for the Role Design Service on the SAP Help site: https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/b9bec487c67947f284347b8e4e7650e4.html