If you like to set user attributes out of your role model then maybe attribute privileges are for you. For instance you want to set automatically for all members of a role the ABAP user group.  Or you plan to deactivate the password for some roles. However, every attribute of the MX_PERSON object can be manipulated by the attribute privileges.

This tutorial shows how to implement attribute privileges. It is based on SAP Identity Management 7.2. If you need help for implementing the tasks on IdM 7.1 contact me.

I assume you know how to use the identity center, i.e. how to create tasks and attributes, etc..  Some scripting is needed as well.

Following steps give an overview of the things to be done:

  1. Create two attributes for the entry type MX_PRIVILEGE. This will be an attribute for the attribute name and one for the attribute value.
  2. Create an add member task, which sets the attribute for an user when the privilege is assigned.
    Create a del member task, which will remove the attribute when the user has lost the privilege.
  3. Create  a user interface task for creating attribute privileges on a comfortable way.



1. Adding attributes to the privilege entry type

In your master identity store add a general text attribute 

  • name = Z_PRIV_AUTO_ATTRIBUTE
  • Entry types tab: link it to MX_PRIVILEGE
  • Presentation tab: use SingleSelect
  • Attribute values tab: select SQL query and the stament
    SELECT DISTINCT attrname FROM MXI_Attributes where is_id=1


The attribute Z_PRIV_AUTO_ATTRIBUTE will contain the name of the attribute to be manipulated. The SQL statement  offers all existing attribute names in your master identity store (check the correct is_id).

Add one more  general text attribute: 

  • name =Z_PRIV_AUTO_VALUE
  • Entry types tab: link it to MX_PRIVILEGE
  • Presentation tab: use SingleLine

The attribute Z_PRIV_AUTO_VALUE will contain the value of the attribute to be manipulated.

If you check the entry type MX_PRIVILEGE you will find both added attributes:

2. Adding the AddMember and DelMember tasks

PPM 6.1 on SAP ERP 6.0 EhP8
On January 20, 2016, SAP Enhancement Package 8 for SAP ERP 6.0 (aka EhP8) had its RTC. The new EhP8 requires to have NW 7.5 underneath. SAP Portfolio and Project Management 6.1 is released for installation on top of EhP8. The 6.1 FAQ Note 2026407 has been updated accordingly. Please be aware that all lower PPM releases are not released for installation on top of EhP8.

  • PPM released for SAP Business Client 6.0
    SAP Portfolio and Project Management 5.0, 6.0, and 6.1 have now been released for usage with SAP Business Client 6.0 (for Desktop). SAP Business Client 6.0 is the latest child in the SAP Business Client family formerly known as SAP NetWeaver Business Client (NWBC), available on SAP Service Marketplace. The SAP Notes 1402912, 1826387, and 2026422 have been enhanced accordingly.
  • Java browser plugins
    SAP Portfolio and Project Management is using Java Browser plugins in some areas, e.g. for the Gantt graphic in project management. Java browser plugins will be in deprecation status from March, 2017, please refer to note 2283330 for the official SAP statement about Oracle plans to deprecate Java browser plugins.
  • New NetWeaver Information at SAP.com

    Very Helpfull

    User Rating: Be the first one !