Identity Management for SAP SNC: Distribution of Local Users

In this use case, a user administrator can create or change a user in SAP Supply Network Collaboration (SAP SNC) and distribute the new or changed user across a system landscape through SAP NetWeaver Identity Management. This use case is particularly relevant in collaboration scenarios, where user administrators and business users from business partners can access an SAP SNC system, but do not have access to or authorizations for an SAP NetWeaver Identity Management system. For example, a user administrator at a supplier does not have direct access to the SAP NetWeaver Identity Management system at a customer location, but only to the Web user interface of SAP SNC through an Internet connection. Business users can also use the user self-service functions in the user administration in SAP SNC to change their own data, and these changes have to be transferred to SAP NetWeaver Identity Management. This is solved with this use case.

In addition, with the integration of SAP SNC with SAP NetWeaver Identity Management, you can perform a governance, risk, and compliance management for external user requests, for example:

• Authorization requests coming from external users or external user administrators can be validated in a central system.

• In critical cases, SAP NetWeaver Identity Management can trigger workflows before it grants authorizations automatically.

For more information about governance, risk, and compliance management in SAP NetWeaver Identity Management, see the SAP NetWeaver Identity Management documentation on SAP Help Portal at http://help.sap.com.

For more information, see Master Data and Settings for Identity Management with SAP SNC.

When a business user changes his or her data, or a user administrator tries to create or change a user in SAP SNC, SAP SNC does not immediately save the data to the database. Instead, the creation or change request is sent to the SAP NetWeaver Identity Management system. A user administrator can make the following changes, which are then transferred as requests from SAP SNC to SAP NetWeaver Identity Management:

• Create user account

• Change user account

• Lock or unlock a user account

• Change role assignment (with roles created in the Role Maintenance transaction PFCG)

• Reset password

A user can make the following changes, which are then transferred as requests from SAP SNC to SAP NetWeaver Identity Management:

• Change user data

• Reset password

SAP NetWeaver Identity Management executes the requests, and creates and distributes the new or changed user data to SAP SNC and other systems of the system landscape.

If a new user has been created, SAP NetWeaver Identity Management also identifies the relevant technical roles in the systems of the system landscape. (These technical roles have been defined in the role model in SAP NetWeaver Identity Management.) It then triggers the assignment of these roles to the user during user creation in the respective systems of the system landscape.

For more information about how the process of user creation and change runs in SAP NetWeaver Identity Management and SAP SNC, see the Creation of an Identity in SAP NetWeaver Identity Management section and the Generation of Users and Business Partners in SAP SNC section under Identity Management for SAP SNC: Central Creation of Users.

For more information about the features of the user administration in SAP SNC, see SAP Library for SAP SNC on SAP Help Portal at http://help.sap.com.