Identity Management for SAP Portfolio and Project Management

You use this function to manage the data of your employees across different SAP systems, such as SAP Portfolio and Project Management, or SAP ERP Human Capital Management (SAP HCM), using SAP NetWeaver Identity Management 7.1. Identity Management for SAP Portfolio and Project Management enables efficient and secure management of users and authorizations based on the assignment of roles to an identity which changes over time. This increases administrative efficiency for day-to-day tasks related to Identity Management across the system landscape, and helps you to fulfill legal requirements like SAP Governance, Risk, and Compliance tasks, security reviews and audits. The users created from SAP NetWeaver Identity Management have the standard user configuration.

The SAP Identity Management system creates an identity for each employee. When you transfer the identity to SAP Portfolio and Project Management, the system creates a user and a business partner (BP). It also creates a Central Person for the BP that manages the user ID, the personnel number, and the BP data.

In the SAP Portfolio and Project Management application, there is a transfer to enable the BP application-specific creation scenario based on the employee information in the SAP ERP HCM system. This process is currently done through SAP ERP HCM-Portfolio Management ALE integration. A report is executed in the SAP ERP HCM system for a particular employee ID. The details of this employee are transferred as a Business Partner to the SAP Portfolio and Project Management application. User and business partner creation (optional) in transaction SU01 (User Maintenance) are supported by SAP NetWeaver Identity Management. Unlike the ALE integration scenario, where only a BP is created in the SAP Portfolio and Project Management application, the Identity Management function enables the creation of users and BPs. However, the SAP NetWeaver Identity Management scenario does not replace the existing SAP ERP HCM-ALE integration scenario. The SAP NetWeaver Identity Management and the SAP ERP HCM-ALE integration scenarios co-exist. A SAP Portfolio and Project Management user created by Identity Management and the creation of the BP based on certain mapping (SAP Portfolio and Project Management-specific BAdI implementations) is supported. SAP NetWeaver Identity Management supports the creation and update of BPs with only basic attributes. The SAP ERP HCM-ALE integration scenario can be run later to transfer the SAP ERP HCM employee attributes, such as availability, to the BP that has already been created using SAP NetWeaver Identity Management.

You have mapped the SAP HCM personnel area or subarea to an SAP Portfolio and Project Management-specific location in Customizing for Portfolio Management, by choosing  Base System Interfaces  SAP Human Capital Integration  Data Distribution from SAP HCM to SAP Portfolio and Project Management  Map Personnel Areas to Locations  . This setting is only required if you want to create BPs.

The background user in Identity Management, which is used for the RFC calls to the Portfolio and Project Management application (when transferring identities) must have the authorization of the PFCG role SAP_XRPM_ADMINISTRATOR. This role can update access control lists for SAP Portfolio and Project Management entities (such as portfolio, or bucket) and create users and business partners in the SAP Portfolio and Project Management application.

The following PFCG roles are provided by Identity Management for SAP Portfolio and Project Management:

The system administrator assigns these roles to users that are created in SAP NetWeaver Identity Management. The user creation is ABAP-based.