1.1 How Role Mapping Works

The Role Mapping Administrator is one part of the Novell role mapping solution. It depends on the proper installation and configuration of all role mapping components. The following diagram shows the components involved in role mapping. After the diagram, the role mapping process is explained, using SAP as the system connected to Identity Manager.

Figure 1-1 How the Role Mapping Administrator Works

  1. The Role Mapping Administrator connects to the Identity Vault and reads the Identity Manager roles stored in the vault.

  2. The Role Mapping Administrator retrieves the SAP system authorizations by using the SAP User Management driver to query the connected SAP systems. The retrieved SAP authorizations are added to the Role Mapping Administrator database.

  3. A user of the Role Mapping Administrator maps authorizations to one or more Identity Manager roles. When an authorization is mapped to a role, the role is updated in the Identity Vault to reflect the authorization mapping.

  4. A user is assigned the role in the Roles Based Provisioning Module, at which point the Role Service driver grants the user an entitlement to all SAP authorizations that are mapped to the role.

  5. The SAP User Management driver responds to the entitlement grant by initiating the authorization assignment in the SAP system.
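
The five steps above, modeled as an added Python example that is not Novell code: it traces how a mapping stored on a role becomes authorizations in each SAP system once the role is assigned, which is the fan-out an access reviewer needs to see. All class, method, role, system and authorization names are hypothetical, and rejecting an authorization that was never retrieved is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    """An Identity Manager role as stored in the Identity Vault."""
    name: str
    mapped: set = field(default_factory=set)   # (sap_system, authorization) pairs

class RoleMappingModel:
    """Hypothetical in-memory model of the flow; not a Novell API."""

    def __init__(self, vault_roles, sap_systems):
        self.vault = {n: Role(n) for n in vault_roles}    # step 1: roles read from the vault
        self.sap_systems = sap_systems                    # system -> authorizations it exposes
        self.auth_db = set()                              # Role Mapping Administrator database
        self.entitlements = {}                            # user -> entitlements granted
        self.sap_users = {s: {} for s in sap_systems}     # system -> user -> authorizations

    def retrieve_authorizations(self):
        """Step 2: query each connected SAP system and store what it returns."""
        for system, auths in self.sap_systems.items():
            self.auth_db.update((system, a) for a in auths)

    def map_authorization(self, role, system, auth):
        """Step 3: record the mapping on the role in the vault."""
        if (system, auth) not in self.auth_db:            # model assumption, see lead-in
            raise KeyError(f"{auth} was not retrieved from {system}")
        self.vault[role].mapped.add((system, auth))

    def assign_role(self, user, role):
        """Steps 4 and 5: entitlement grant, then assignment in SAP."""
        granted = set(self.vault[role].mapped)
        self.entitlements.setdefault(user, set()).update(granted)
        for system, auth in granted:
            self.sap_users[system].setdefault(user, set()).add(auth)
        return granted

def demo():
    # Constructed sample data: role, system and authorization names are invented.
    model = RoleMappingModel(
        vault_roles=["AP Clerk", "Auditor"],
        sap_systems={"SAP-FIN": ["Z_AP_POST", "Z_AP_DISPLAY"], "SAP-HR": ["Z_HR_DISPLAY"]},
    )
    model.retrieve_authorizations()
    model.map_authorization("AP Clerk", "SAP-FIN", "Z_AP_POST")
    model.map_authorization("AP Clerk", "SAP-HR", "Z_HR_DISPLAY")
    model.assign_role("jdoe", "AP Clerk")
    return model

if __name__ == "__main__":
    for system, users in demo().sap_users.items():
        print(system, {u: sorted(a) for u, a in users.items()})
```

In this run a single role assignment gives the user authorizations in two SAP systems, so a review of the role has to cover every mapping stored on it, not only the role name.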