Hello,
it seems that what you want can be achieved with SAP Identity Management:
SAP Identity Management 8.0 – SAP Help Portal Page
and here is additional helpful information in the community space: SAP Identity Management
Central User Administration (CUA) and Identity Management both provide a number of similar functions for managing users, roles, and authorizations, including:
• Centralized creation, maintenance, and deletion of user accounts
• Centralized administration of global attributes, such as first and last names
• Role assignment and removal
• Data synchronization across multiple systems
Having CUA, the natural next step is upgrading to IDM.
In addition, IDM offers more:
- IDM is a Flexible Component for Heterogeneous Systems: CUA is deeply integrated into SAP ERP and other SAP Business Suite applications. As part of the SAP NetWeaver technology platform, SAP NetWeaver ID Management makes much more flexible implementations possible: instead of targeting individual systems, you can use it to consolidate and manage identities and authorizations throughout your landscape according to your role model, which is more efficient.
- Rights by Role: Through roles, you can determine which authorizations your employees receive while precisely defining each individual access right, and the role assignment is done across systems.
- Hierarchical role model: The component enables you to organize authorizations based on a hierarchy of business roles. Through the “employee” role, for example, you can create a new e-mail account, Microsoft Active Directory entry, or telephone extension in a single step. You can then grant the “department manager” role further authorizations, such as cost center access.
- Self-services: Through a familiar interface, users can quickly manage their attributes – cell phone numbers and office addresses, for example – and reset their passwords without time-consuming IT support tickets.
- Segregation of duties and workflows
- Consistent identity monitoring and transparent audit trails
- Supports integration of an existing e-mail system
- User interface enables both centralized and decentralized password resets
Here are example scenarios:
A new employee joins your company.
The human resources department enters the corresponding master data into your HR system.
SAP NetWeaver ID Management creates an e-mail account, an Active Directory entry, and a home folder while granting the employee access to your employee portal.
The new hire also automatically receives further authorizations based on a clearly defined role model. Then he/she can access all of the functions.
An employee leaves your company.
With SAP NetWeaver ID Management, it takes just seconds to remove access rights for everything from workstations to the company premises.
Hope this helps.
Best wishes,
Fedya Toslev