SAP Identity Management (IDM) - Roles and Privileges
SAP Identity Management (IDM) is used to track Business Roles approved for specific positions and then provisions access to SAP S/4 (Finance) and SAP SuccessFactors (HR) systems.
IDM assigns roles to a Position and provisions access to the employee/s who holds the position.
As employees transition into or out of a position, roles get automatically provisioned or removed based on the roles attached to the position.
Because roles are assigned to a position, the requestor needs to be aware of whether they are requesting a role for a position that is held by many employees. If a role is requested for a grouped position, everyone in the position will get the role.
IDM is the system of record for SAP (S4/SuccesFactors) security roles (excludes dynamic roles).
Lists all Business Roles, Privileges included in the Business Role, Role Approvers, Role Owners, Applicable System, and a separate tab includes description of the Business Role and the type of position the role applies to.
Supervisors are automatically provided privileges that allow them to create positions, create and process requisitions (to recruit vacant positions) and complete onboarding tasks, when needed. This workbook includes each user that has been assigned the supervisor role bundle.
This information is updated regularly and is current as of November 11, 2019.