9.4 Expected Roles from the SAP Portal Are Not Being Displayed
Problem
When loading authorizations from the SAP Portal system, groups that start with SAP_ are not being displayed.
Solution
If the SAP Portal is using an ABAP server as the Authentication DataSource, then by default the UME cannot assign ABAP roles (which appear as groups in the SAP Portal) directly to ABAP users. Most of these ABAP roles begin with SAP_. The SAP Portal driver is configured to filter these roles when the Role Mapping Administrator queries for the available groups.
The filter is an XML filter element that is appended to the entitlement configuration object. By default, the filter element contains an attribute type that has a value of exclude. The filter element holds individual filters. Each filter contains the following attributes:
-
read-attr: The source for the match.
-
source-name: The attribute on which the regular expression is evaluated against.
-
regex: The regular expression that is used.
You can modify the regular expression value or remove the value to change how the Role Mapping Administrator filters the results. By default, the regular expression is ^SAP_ which is evaluated as start with SAP underscore.
Figure 9-1 XML Filter Element
To change the filter so you can see all groups:
-
Using Designer or iManager, edit the SAP Portal driver policy pub-its-InitEntitlementConfigurationResource on the Publisher channel.
-
In Policy Builder, select the Entitlements rule.
-
In the for each action, find the XML element of filter.
-
Change the type attribute value from exclude to include.
-
Remove the regular expression value of ^SAP_.
-
Save the changes, then restart the driver to have the changes take effect.