Scheduling a What If Analysis
To see the results of the simulations of different actions taken on users, single roles, and composite roles, you will need to set up and schedule an analysis.
Scheduling a User What If Analysis
You can schedule a What If analysis for one or more users to simulate the SoD conflicts that could occur based on a specific role assignment.
You can select the rulebook(s), users, and roles when you schedule the analysis:
-
Select WHAT IF ANALYSIS from the left menu and choose USER.
-
Name the analysis.
-
Select the field under Rulebooks and choose the rulebook(s) you want included in this analysis.
-
Use the Security extract dropdown menu to choose the security tables to use in the analysis, based on the date they were pulled. This defaults to the most recent extract.
-
Use the Role SAP System dropdown menu to select the environment to run the analysis in. This defaults to the same system you are currently working in and shows how roles from other connected systems will give access to users. This is commonly used when creating a new role in a non-production system to test the access the user will have in the production environment.
-
Use the Role Security Extract dropdown menu to choose the security extract to select roles from based on the date they were pulled from SAP. This defaults to the most recent extract.
-
Under Users Selection, you can choose to simulate a new user or add one or more users to the simulation.
-
To simulate a new user without any roles associated, select the checkbox next to Simulate New User.
-
To add existing users, select + Add Users to see the Users Selection window.
Here you can:
-
Filter users by username, full name, user group, and user type.
-
Search for users.
-
Add all users by selecting Add All +.
-
Specify the user(s) you want to include by selecting the + next to each username.
-
Add users by entering a comma- or line-separated list of UserIDs and selecting + Add.
When you have finished your user selection, select X to close the window.
-
Use the Roles Selection section to specify the role changes to simulate by removing existing roles and/or adding new roles to the users you've selected.
-
Remove Existing Roles - Select what roles to remove from the selected users.
-
Add Roles - Select what roles to give the selected users.
Important
You must select users before you can assign or remove roles. If you add or remove a user after selecting roles, all roles will be cleared.
To remove roles, select Clear to remove all selected roles or use the Delete icon to remove individual roles.
-
-
When you're ready to run the analysis, select Schedule. The Activity History page displays the analysis for you to view or download. See how to review the user results.
Scheduling a Single Role What If Analysis
You can schedule a What If analysis for a single role to simulate the SoD conflicts that could occur based on the transaction code and/or authorization object assignments to a role.
To generate a report on the impact of adding transaction codes and authorization object assignments:
-
Select WHAT IF ANALYSIS and choose SINGLE ROLE.
-
Enter a name for your analysis or keep the generated one.
-
Use the Security extract dropdown menu to choose the security tables to use in the analysis, based on the date they were pulled. This defaults to the most recent extract.
-
Select the field under Rulebooks and choose the rulebook(s) you want included in this analysis.
-
Use the dropdown menu under SAP Role to select the SAP role you want to simulate by adding new TCodes and objects.
-
Select + Add TCode and choose a transaction code from the dropdown menu. This will automatically fill in the object, field, and value/range. You can delete the automatically provided objects, fields, and values/ranges by selecting the Delete icon .
-
Add additional TCodes, authorization objects, and/or field values to simulate how they will affect the role.
-
When you're ready to run the analysis, select Schedule. The Activity History page displays the analysis for you to view or download. See how to review the role results.
Scheduling a Composite Role What If Analysis
You can schedule a What If analysis for a composite role to simulate the SoD conflicts that would occur when you add or remove a single role from that composite role.
To generate a report on the impact of deleting existing roles or adding roles to a composite role:
-
Select WHAT IF ANALYSIS and choose COMPOSITE ROLE.
-
Enter the name for your analysis or keep the generated one.
-
Use the Security extract dropdown menu to choose the security tables to use in the analysis, based on the date they were pulled. This defaults to the most recent extract.
-
Select the field under Rulebooks and choose the rulebook(s) you want included in this analysis.
-
Use the dropdown menu to select an existing composite role.
-
Use the dropdown menu under Composite Role to select the role(s) you are simulating changes to.
-
In the Roles Changes section, remove existing roles and/or add roles to simulate what could happen when those roles are removed or added from a composite role.
-
When you're ready to run the analysis, select Schedule. The Activity History page displays the analysis for you to view or download. See how to review the role results.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.