Skip to content

Creating SAP System Users

An SAP administrator must create an SAP System User ID within each target system. You will use the SAP username and password to enable Remote Function Call communications between the target system and the Access Risk Management agent.

You can select any user with proper authorizations, but we recommend the following user specifications:

  • User: EM_Connector

  • User Type: System

  • Assign the roles:

    • Download the SAP file for standard access roles and assign them to the system user EM_CONNECTOR.
    • If you use Emergency Access Management or Access Reviews, you will also download the SAP file for additional roles and assign them to the system user EM_CONNECTOR.


Contact your SAP administrator if you need assistance using transaction PFCG to upload the roles.

Upload the necessary roles via PFCG for the implemented features (provided by SailPoint Support):

  • Access Analysis – Z_SAILPOINT_ARM_AA_2021.SAP
  • Access Reviews (Certifications) and Emergency Access Management (Firefighter) – Z_SAILPOINT_ARM_EAM_2023.SAP