1 SAP NetWeaver Identity Management Release Note Version 7.2 SP7 Rev 1
2 2013 SAP AG or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are trademarks or registered trademarks of Adobe Systems Incorporated in the United States and other countries. Apple, App Store, FaceTime, ibooks, ipad, iphone, iphoto, ipod, itunes, Multi-Touch, Objective-C, Retina, Safari, Siri, and Xcode are trademarks or registered trademarks of Apple Inc. Bluetooth is a registered trademark of Bluetooth SIG Inc. Citrix, ICA, Program Neighborhood, MetaFrame now XenApp, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems Inc. Computop is a registered trademark of Computop Wirtschaftsinformatik GmbH. Edgar Online is a registered trademark of EDGAR Online Inc., an R.R. Donnelley & Sons Company. Facebook, the Facebook and F logo, FB, Face, Poke, Wall, and are trademarks of Facebook. Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps, Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync, Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik, and Android are trademarks or registered trademarks of Google Inc. HP is a registered trademark of the Hewlett-Packard Development Company L.P. HTML, XML, XHTML, and W3C are trademarks, registered trademarks, or claimed as generic terms by the Massachusetts Institute of Technology (MIT), European Research Consortium for Informatics and Mathematics (ERCIM), or Keio University. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, z10, z/vm, z/os, OS/390, zenterprise, PowerVM, Power Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA, purescale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli, Informix, and Smarter Planet are trademarks or registered trademarks of IBM Corporation. Microsoft, Windows, Excel, Outlook, PowerPoint, Silverlight, and Visual Studio are registered trademarks of Microsoft Corporation. INTERMEC is a registered trademark of Intermec Technologies Corporation. IOS is a registered trademark of Cisco Systems Inc. The Klout name and logos are trademarks of Klout Inc. Linux is the registered trademark of Linus Torvalds in the United States and other countries. Motorola is a registered trademark of Motorola Trademark Holdings LLC. Mozilla and Firefox and their logos are registered trademarks of the Mozilla Foundation. Novell and SUSE Linux Enterprise Server are registered trademarks of Novell Inc. OpenText is a registered trademark of OpenText Corporation. Oracle and Java are registered trademarks of Oracle and its affiliates. QR Code is a registered trademark of Denso Wave Incorporated. RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold, BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm, BlackBerry Storm2, BlackBerry PlayBook, and BlackBerry AppWorld are trademarks or registered trademarks of Research in Motion Limited. SAVO is a registered trademark of The Savo Group Ltd. The Skype name is a trademark of Skype or related entities. Twitter and Tweet are trademarks or registered trademarks of Twitter. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Wi-Fi is a registered trademark of Wi-Fi Alliance. SAP, R/3, ABAP, BAPI, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, SAP HANA, the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, Sybase, Adaptive Server, Adaptive Server Enterprise, ianywhere, Sybase 365, SQL Anywhere, Crossgate, B2B 360 and B2B 360 Services, EDDY, Ariba, the Ariba logo, Quadrem, b-process, Ariba Discovery, SuccessFactors, Execution is the Difference, BizX Mobile Touchbase, It's time to love work again, SuccessFactors Jam and BadAss SaaS, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany or an SAP affiliate company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
3 SAP NetWeaver Identity Management Release Note 1 Support for Microsoft SQL Server 2012 As of, Microsoft SQL Server 2012 is supported as database system for the Identity Center database. Improved Performance (Enhanced) The following performance improvements are done for SAP NetWeaver Identity Management 7.2 SP7: Major performance improvements related to reconciliation, and privilege inheritance. The Runtime Engine is improved to prevent deadlocks in the database. Improved dispatcher performance. Instead of using a single connection to the database, the dispatcher uses several connections; each type of task is processed by a separate thread, with its own connection to the database. Approval Management (Enhanced) An administrator or manager can get an overview over pending approvals and (depending on the assigned privilege) decline or escalate approvals. For more information, see section 5.10 in the SAP NetWeaver Identity Management Solution Operation Guide. Scheduled Procedures for Housekeeping (Enhanced) Instead of configuring a dispatcher to do housekeeping operations of the Identity Center database, database procedures are introduced that can be scheduled to run at specific intervals. There are defined a set of procedures that replaces the former housekeeping actions defined for the dispatcher. The settings for maximum number of log entries for the system log and job log are removed. The log size is now controlled by the scheduled procedures that clean the log. Configuring and scheduling of the procedures are done in the "Dispatchers" node in the The dispatcher log contains log entries for the executions of the scheduled procedures. For more information, see Configuring the scheduled procedures for housekeeping in the help file for the Identity Center
4 2 SAP NetWeaver Identity Management Release Note Dispatcher Properties Moved from.prop File to Database (Changed) Some of the dispatcher properties are moved from the <dispatcher>.prop file to the database, and can be modified from the Identity Center For more information see Configuring custom parameters for a dispatcher in the help file for the Identity Center Parallel Provisioning (New) In situations where you have a large number of repositories of the same type, and many entries to be processed to several repositories at the same time, parallel provisioning improves performance by allowing provisioning to different repositories to run in parallel. Provisioning to one repository still is done in sequence. For more information, see About parallel provisioning in the help file for the Identity Management Reconciliation (Changed) Reconciliation is now done by a scheduled procedure executed by the dispatcher as part of the housekeeping. The existing job templates for reconciliation are obsolete and should not be used. The global constant MX_RECONCILE is obsolete. For more information, see About the identity store in the help file for the Identity Management Privilege Assignments based on Conditional Context (Changed) To improve performance, only the privileges actually assigned to a user based on conditional context are stored in the database (mxi_link table). Previously all potential assignments were stored, also those not fulfilling the criteria for the conditional context. Effect on Existing Data When upgrading the database to all these potential assignments are removed. This may take some time.
5 SAP NetWeaver Identity Management Release Note 3 Global constant MX_REVERSE_PRIVILEGE (Changed) The default value of this global constant has changed from TRUE to FALSE for all new installations. Effect on Existing Data When upgrading the database to, it is checked if reverse privilege inheritance is used in the configuration. If not the global constant is removed (with default value FALSE). For more information, see About performance optimization in the help file for the Identity Center Global constant MX_DIRECT_PRIVILEGE (New) This is a new global constant for performance optimization. The constant specifies if direct privilege inheritance is used or not. The default value is FALSE for new installations. When upgrading the database to SAP NetWeaver Identity Management 7.2 SP7, it is checked if direct privilege inheritance is used in the configuration. If not, the global constant is removed (with default value FALSE). For more information, see About performance optimization in the help file for the Identity Center SAP Java Connector (JCo) (Changed) The SAP Java Connector (JCo) that is installed with the SAP NetWeaver Identity Management Runtime Components is upgraded from version 2.1.x to JCo 3. JCo 3 is also included in the installation on the Unix/Linux platform. Only the 64-bit version of the Jco is installed, which requires the 64-bit version of the Java Runtime Environment. Effect on existing data If you previously have used the 32-bit version of JCo, you need to upgrade your environment to 64-bit to continue using JCo. Note: If you previously have used JcO 2, you must regenerate the dispatcher scripts before starting the dispatcher after the upgrade.