This article outlines on how to handle a User Creation request from the users.

Information

PF1 is the Production Environment SF1 is the Pre Production Environment and QF1 is the Quality Environment.

Identifying the Tickets :

When the users asks for a creation of the user in the ticket in PF1 or SF1 or QF1 systems, then it can be identified as a User Creation. Alternatively, when the user does not exist in the system and the access has to be given to the user, then it is considered as a User Creation. These tickets may have the accompanying information like the Name of the User / ID, Reference User Name / ID, Systems, etc. Below is an example of how the ticket may look like.



Good Practice

It is always a good idea to check if the Reference User and the User exist in the system. If the Reference User is invalid, ask the User. If the User already exists in the system then there will be no need to create again. Hence, this would save time.

Approvals :

Before proceeding with these kind of tickets, we need to always check the approvals. The approvals for the PF1 system are managed by our team itself. If there are approvals are missing in the ticket then we need to ask user to provide approval of manager. Also, we need to ask for a Reference User ID for the new user creations or the list of the roles which have to be added.

If the request is approved by manager in ticket or if the one requesting the access is the User's Manager. An example can be seen below :


Providing the Access :

  • When we receive User Creations, after we check the approvals, we always need either the Reference User or the list of all the roles which have to be added to the user. If the user only mentions the transactions which the he / she needs, then it is always a good idea to ask for the Reference User as without that the role added or the solution provided might not be too accurate.

Important

If a user asks to add the role (or in case of a User Creation) in the PF1 system then the same roles has to added in the SF1 and QF1 system's too. But the vice-versa should not be done, i.e. if the user needs access in the SF1 or QF1 system's then the same has to provided only in the SF1 or QF1 system. Also, only the roles with a Direct Assignment are to be added to the user.

  • Once the required information has been obtained, the Reference user has to be entered in the PF1 system in the SU01D transaction and all the roles from the Roles tab should be copied in a new Excel Sheet.


  • The agent must then log in to the IDM (Identity Management) and enter the new user which has to be created and then the user group has to be set in the Logon Data tab and the roles have to be added to the user account through the Permissions tab one at a time from the Excel Sheet and after all the roles have been added the Save Button has to be clicked.


  • After this, the user must reflect in the system (ideally 2 mins). We need to then mirror the values in the PF1, SF1and QF1 system tabs of the Reference User to the user who needs the access. This includes the information in the tabs Logon DataDefaults and Parameters for that we need to use ZCA_USER_PARAM


  • This is followed by the Password Reset in all the systems and the same is informed to the user and the ticket is Resolved.


We have now finished the request for the User Creation of a new user in the PF1, SF1 and QF1 system's.



  • No labels

1 Comment

  1. Nipun Tomar

    Approved.