Hello Gurus,
We are implementing a process for identity termination. SAP security team wants the Id to be deleted from the system as part of the process whereas other applications have requested for removal of groups, change in status etc. The Id termination should be approved by line manager as first level approver.
We are using an action task with "To Identity Store" pass to remove the PRIV:<REPOSITORY>:ONLY privilege for the SAP Id to delete the account from SAP repository.
We need your advice for:
- Is the implementation approach for deletion of SAP ids correct?
- How do we configure the approval task for this process, It seems that it cannot be an assignment approval task in this case.
- There is a task "SetABAPRole&ProfileforUser" in the SAP provisioning framework which is executed following the user deletion. This task fails because it is not able to locate the MSKEY after the user has been deleted. How do we control this task?
Your help in this regard is much appreciated.
Regards,
Subramaniam Iyer