David: "Hi, Sarah! The functional team has requested a report on business role assignments in the system. They also have questions about which business roles were created using the predefined templates from SAP. Can you show me how to report on business roles?"
Sarah: "Sure, David; we can get the requested information and more using the IAM Information System and Key Figures dashboard. Let's look at the system to see how easy it is."
IAM Information System App
The IAM Information System app is the primary reporting tool for business roles in Identity Access Management on SAP S/4HANA Cloud, public edition.
The IAM Information System provides an overview of business users in your system, as you saw earlier in Unit 2. For business roles, SAP gives you additional tools to gain a detailed understanding of how business roles are utilized in your system. Specifically, IAM Information System includes reports on:
Business role usage
Business roles created from a template
Business catalog assignment
Business role to business user assignment
Business role applications and restrictions
Additionally, SAP delivers standard reporting formats to make reporting on business roles easier to understand and more intuitive.
Depicted in the figure above, you see the filter configuration for the Business Role - Business Catalog report. The Adapt Filters option can be uniquely customized for each individual report.
The delivered report formats are:
- Business Role - Business User
- Business Role - Business Catalog
- Business Role - Restriction
- Business Role - Application
- Business Role - Business Role Template
- Business Role - Derived Business Role
Since you already saw the Business Role - Business User report in the earlier lessons on business users, for this lesson you will focus on the remaining reports from the business role perspective.
The Business Role - Business Catalog report displays the relationship of each business role defined in the system to each assigned business catalog. The report also provides direct access to the Business Role ID to review the complete role definition. You can access the catalog's detailed functional description using the direct link to each business catalog.
You can also evaluate any scope item dependencies for the roles' business catalogs. Business catalogs that do not depend on specific scope items are still listed but designated as Scope Item (0) with the message: The business catalog is not scope-dependent. Software component information is also available if required.
The Business Role - Restriction report depicts the configuration of each access category and each restriction type and restriction field value.
The Business Role - Restriction report displays the relationship of each business role and its defined restrictions. Each access category is listed along with the maintained access restrictions. The restriction field value for each restriction type is displayed so that the user can quickly determine which permissions have been granted by the business role.
You can access the documentation for each restriction type by selecting its hyperlink. The documentation defines all restriction fields and how they are used and lists where else the restriction type is used in other business catalogs.
You can use the Business Role - Application report to generate a list of applications and SAP Fiori apps from a particular business role. You can use the Business Catalog ID link to review the specific catalog documentation to learn more about the catalog, its apps, its dependencies, and more.
To determine which business roles have been generated using an SAP predefined business role template, use the Business Role - Business Role Template report. You can follow links for each Business Role ID and Business Role Template. You can access the Functional Description for the Business Role Template, determine which business catalogs are relevant, and identify any delivered Launchpad Spaces.
To review the Business Role - Derived Business Role report, refer to the previous lesson.
IAM Key Figures App
The IAM Key Figures app provides four charts for reporting on Business Roles in the system:
Number of Assigned Business Roles
Roles with Default Values
Business Roles with Unmaintained Restrictions
Unrestricted Business Roles
Each chart provides drill-down reporting capabilities and links directly to the Maintain Business User app or and Maintain Business Roles app. You can gain valuable insights into the security of your SAP S/4HANA Cloud, public edition using these simple apps.
You now know how to use the IAM Information System and IAM Key Figures apps to report on the use and status of business roles.