Hi experts,
I need your recommendation in SAP role assignment domain.
At my current client, they DO NOT have workflows, portal or GRC or AIM or any other security tool. They will have only sap backend and IDM probably.
The user id and their belonging organization unit, will be maintained in LDAP. There will be daily synchro between LDAP and IDM. We will create the back-end roles in SAP, and IDM will manage the sap role assignment based on the org unit of users.
The question is the following : client wants to manage automatically (if possible) the delegation of user authorization. They want that a user X in cost center X is able to delegate his access authorization to another user Y. With the result, the user Y will be able to do his job and the job of user X.
They want to have the flexibility of start and end period of this delegation, the end of delegation being managed automatically.
What happened if the user X loses his access in sap, does user Y also lose the same access?
I need your recommendations on how I can manage this situation please.
Thanks a lot
Cheers