Instructions for Source System Teams

Download the Excel template, complete the sheets relevant to your system, and return the filled workbook to the IAM Governance team. Do not modify column headers or sheet names. Red-highlighted columns are mandatory. Dates must be in YYYY-MM-DD format. Leave IMPORT_BATCH_ID blank — it is system-populated.

Target: AG_ACCOUNT_ENTITLEMENT · Captures the assignment of entitlements to user accounts. Each row represents one entitlement assigned to one account.

| Field Name | Display Label | Data Type | Req. | Example | Description | Validation Rules |
|---|---|---|---|---|---|---|
| ASSIGNMENT_ID | Assignment ID | Text | | ASGN-000001 | Unique identifier for this assignment record. Must be globally unique across all assignments. | Must be unique per row. No duplicates allowed. |
| ACCOUNT_ID | Account ID | Text | | ACC-SAP-0001 | Unique identifier of the system account holding this entitlement. Must match an ACCOUNT_ID in the System Accounts sheet. | Must exist in the System Accounts sheet. |
| ENTITLEMENT_ID | Entitlement ID | Text | | ENT-SAP-SAP_ALL | Unique identifier of the entitlement being assigned. Must match an ENTITLEMENT_ID in the Entitlement Catalog sheet. | Must exist in the Entitlement Catalog sheet. |
| SCOPE_TYPE | Scope Type | Text (Controlled) | — | Region | The dimension along which the entitlement is scoped. Leave blank if the entitlement applies globally. | Allowed: Region, Business Unit, Country, Cost Center, or blank. |
| SCOPE_VALUE | Scope Value | Text | — | EMEA | The specific value of the scope dimension. Required if SCOPE_TYPE is provided. | Required when SCOPE_TYPE is not blank. |
| ASSIGNED_DATE | Assigned Date | Date (YYYY-MM-DD) | — | 2024-01-15 | The date on which the entitlement was granted to the account. | Format: YYYY-MM-DD. Must not be in the future. |
| END_DATE | End Date | Date (YYYY-MM-DD) | — | 2025-12-31 | The date on which the entitlement expires or was revoked. Leave blank for active indefinite assignments. | Format: YYYY-MM-DD. Must be >= Assigned Date. |
| ASSIGNMENT_STATUS | Assignment Status | Text (Controlled) | | ACTIVE | Current lifecycle status: ACTIVE = in use, REVOKED = manually removed, EXPIRED = past end date. | Allowed values: ACTIVE, REVOKED, EXPIRED. |
| APPROVED_DATE | Approved Date | Date (YYYY-MM-DD) | — | 2024-01-13 | Date the assignment was formally approved by the access owner or manager. | Format: YYYY-MM-DD. |
| NOTES | Notes | Text (Free-form) | — | Approved for project XYZ duration | Free-text field for additional context or justification related to this assignment. | Max 500 characters. |
| IMPORT_BATCH_ID | Import Batch ID | Text | — | — | Leave blank — auto-populated by the AG system during import. | Leave blank. System-populated. |
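
A pre-submission check for the AG_ACCOUNT_ENTITLEMENT rules in the table above, as an added example (not part of the template or the AG system's own importer). It assumes rows arrive as dicts of strings keyed by Field Name, for instance from a CSV export of the sheet; `validate_assignments`, `parse_date`, `demo` and the sample rows are hypothetical names and constructed data.

```python
from datetime import date

# Controlled values copied from the Validation Rules column of the table above.
SCOPE_TYPES = {"", "Region", "Business Unit", "Country", "Cost Center"}
STATUSES = {"ACTIVE", "REVOKED", "EXPIRED"}

def parse_date(text):
    """Return a date for strict YYYY-MM-DD text, else None."""
    try:
        parsed = date.fromisoformat(text)
    except ValueError:
        return None
    return parsed if parsed.isoformat() == text else None

def validate_assignments(rows, accounts, entitlements, today=None):
    """Check rows (dicts keyed by Field Name); return (row_no, field, problem) tuples."""
    today, errors, seen = today or date.today(), [], set()
    for n, row in enumerate(rows, start=1):
        get = lambda f: (row.get(f) or "").strip()
        dates = {f: parse_date(get(f))
                 for f in ("ASSIGNED_DATE", "END_DATE", "APPROVED_DATE") if get(f)}
        start, end = dates.get("ASSIGNED_DATE"), dates.get("END_DATE")
        checks = [
            (not get("ASSIGNMENT_ID") or get("ASSIGNMENT_ID") in seen,
             "ASSIGNMENT_ID", "missing or duplicate"),
            (get("ACCOUNT_ID") not in accounts, "ACCOUNT_ID", "not in System Accounts sheet"),
            (get("ENTITLEMENT_ID") not in entitlements, "ENTITLEMENT_ID", "not in Entitlement Catalog"),
            (get("SCOPE_TYPE") not in SCOPE_TYPES, "SCOPE_TYPE", "value not allowed"),
            (get("SCOPE_TYPE") and not get("SCOPE_VALUE"),
             "SCOPE_VALUE", "required when SCOPE_TYPE is set"),
            (get("ASSIGNMENT_STATUS") not in STATUSES, "ASSIGNMENT_STATUS", "value not allowed"),
            (start and start > today, "ASSIGNED_DATE", "in the future"),
            (start and end and end < start, "END_DATE", "before ASSIGNED_DATE"),
            (len(get("NOTES")) > 500, "NOTES", "longer than 500 characters"),
            (get("IMPORT_BATCH_ID"), "IMPORT_BATCH_ID", "must be left blank"),
        ]
        checks += [(d is None, f, "not YYYY-MM-DD") for f, d in dates.items()]
        errors += [(n, f, p) for failed, f, p in checks if failed]
        seen.add(get("ASSIGNMENT_ID"))
    return errors

# Constructed sample rows: GOOD reuses the example values from the table, BAD breaks five rules.
GOOD = {"ASSIGNMENT_ID": "ASGN-000001", "ACCOUNT_ID": "ACC-SAP-0001",
        "ENTITLEMENT_ID": "ENT-SAP-SAP_ALL", "SCOPE_TYPE": "Region", "SCOPE_VALUE": "EMEA",
        "ASSIGNED_DATE": "2024-01-15", "END_DATE": "2025-12-31", "ASSIGNMENT_STATUS": "ACTIVE"}
BAD = {**GOOD, "ACCOUNT_ID": "ACC-SAP-0002", "SCOPE_VALUE": "", "ASSIGNED_DATE": "2024-03-01",
       "END_DATE": "2024-02-01", "IMPORT_BATCH_ID": "BATCH-1"}

def demo():
    return validate_assignments([GOOD, BAD], {"ACC-SAP-0001"}, {"ENT-SAP-SAP_ALL"}, date(2025, 6, 1))
```

Running it before returning the workbook catches orphaned ACCOUNT_ID and ENTITLEMENT_ID references, which would otherwise leave entitlement assignments that cannot be tied to an account owner during review.
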

Target: AG_ENTITLEMENT · Defines all entitlements (roles, profiles, permission sets) available in your system. Each row is one unique entitlement.

| Field Name | Display Label | Data Type | Req. | Example | Description | Validation Rules |
|---|---|---|---|---|---|---|
| ENTITLEMENT_ID | Entitlement ID | Text | | ENT-SAP-SAP_ALL | Unique identifier for this entitlement. Recommended format: ENT-{SYSTEM_CODE}-{SHORT_NAME}. | Must be unique per row. No duplicates allowed. |
| SYSTEM_CODE | System Code | Text | | SAP_ERP | The code of the system this entitlement belongs to. Must match a registered SYSTEM_CODE. | Must match a registered system code. |
| ENTITLEMENT_TYPE | Entitlement Type | Text (Controlled) | | Role | Category of this entitlement: Role, Profile, Permission Set, Authorization Object, Security Group, Directory Role, Group. | Must be a recognized type for the system. |
| ENTITLEMENT_DESC | Entitlement Description | Text (Free-form) | — | Full system access — all transactions and data | Human-readable description of what this entitlement grants. Be specific about access level and data scope. | Max 500 characters. |
| IS_PRIVILEGED | Is Privileged | Flag (Y/N) | | Y | Y = Privileged (admin, full access, financial posting). N = Standard (normal business access). Privileged entitlements require enhanced review. | Allowed values: Y or N only. |
| OWNER_NAME | Owner Name / Team | Text | — | SAP Center of Excellence | Name of the business owner or team responsible for managing and reviewing this entitlement. | Free text. Recommended: use team name, not individual. |
| IMPORT_BATCH_ID | Import Batch ID | Text | — | — | Leave blank — auto-populated by the AG system during import. | Leave blank. System-populated. |

Target: AG_SYSTEM_ACCOUNT · Maps employees to their accounts on your system. Each row is one account. An employee may have multiple accounts across systems.

| Field Name | Display Label | Data Type | Req. | Example | Description | Validation Rules |
|---|---|---|---|---|---|---|
| ACCOUNT_ID | Account ID | Text | | ACC-SAP-0001 | Unique identifier for this system account. Recommended: ACC-{SYSTEM_CODE}-{EMPLOYEE_SEQ}. | Must be unique per row. No duplicates allowed. |
| SYSTEM_CODE | System Code | Text | | SAP_ERP | The code of the system where this account exists. Must match a registered SYSTEM_CODE. | Must match a registered system code. |
| EMPLOYEE_ID | Employee ID | Text | | EMP-0001 | Unique employee identifier of the person who owns this account. Must match the HR system employee ID. | Must match a registered employee ID in HR master data. |
| AD_USER | AD Username | Text | | ahmed.alrashid | Active Directory username associated with this account (domain login name, without domain prefix). | Must be a valid AD username. No spaces or special characters. |

Target: AG_ENTITLEMENT_CLASSIFICATION · Assigns risk/sensitivity classifications to entitlements with effective dates to track changes over time.

| Field Name | Display Label | Data Type | Req. | Example | Description | Validation Rules |
|---|---|---|---|---|---|---|
| ENT_CLASS_ID | Classification ID | Text | | ENTC-000001 | Unique identifier for this classification record. | Must be unique per row. |
| ENTITLEMENT_ID | Entitlement ID | Text | | ENT-SAP-SAP_ALL | The entitlement being classified. Must match an ENTITLEMENT_ID in the Entitlement Catalog. | Must exist in the Entitlement Catalog sheet. |
| CLASSIFICATION_LEVEL | Classification Level | Text (Controlled) | | Critical | Risk level: Critical = highest risk, most frequent review. High = elevated. Medium = moderate. Low = minimal. | Allowed values: Critical, High, Medium, Low. |
| REVIEW_FREQUENCY | Review Frequency | Text (Controlled) | — | Quarterly | How often this entitlement should be reviewed in access certification campaigns. | Allowed values: Monthly, Quarterly, Semi-Annual, Annual. |
| EFFECTIVE_FROM | Effective From | Date (YYYY-MM-DD) | — | 2025-01-01 | Date from which this classification is valid. Defaults to today if not provided. | Format: YYYY-MM-DD. |
| EFFECTIVE_TO | Effective To | Date (YYYY-MM-DD) | — | 2025-12-31 | Date on which this classification expires. Leave blank if currently active with no planned end date. | Format: YYYY-MM-DD. Must be >= Effective From. |

Target: AG_ACCESS_REQUEST · Historical access request tickets from your ticketing system. Each row is one request.

| Field Name | Display Label | Data Type | Req. | Example | Description | Validation Rules |
|---|---|---|---|---|---|---|
| TICKET_ID | Ticket ID | Text | | TKT-2025-001234 | Unique identifier of the access request ticket in your ticketing system. | Must be unique per row. |
| REQUEST_TYPE | Request Type | Text (Controlled) | | GRANT | GRANT = new access. REVOKE = remove access. MODIFY = change scope or level. | Allowed values: GRANT, REVOKE, MODIFY. |
| AD_USER | AD Username | Text | — | ahmed.alrashid | Active Directory username of the user for whom access is requested. | Valid AD username format. |
| PERSON_ID | Person / Employee ID | Text | — | EMP-0001 | Internal employee ID of the person for whom access is requested. | Must match a registered employee ID if provided. |
| ENTITLEMENT_NAME | Entitlement Name | Text | — | SAP_ALL | The name of the specific entitlement being requested. | Free text. |
| REQUESTED_BY | Requested By | Text | — | sara.hassan | AD username or name of the person who submitted the request. | Free text. |
| APPROVED_BY | Approved By | Text | — | john.smith | AD username or name of the person who approved the request. | Free text. |
| STATUS | Request Status | Text (Controlled) | — | IMPLEMENTED | PENDING = awaiting approval. APPROVED = approved, not yet implemented. REJECTED = denied. IMPLEMENTED = completed. | Allowed: PENDING, APPROVED, REJECTED, IMPLEMENTED. |
| BUSINESS_JUSTIFICATION | Business Justification | Text (Free-form) | — | Required for Q1 financial close activities | Business reason provided by the requester for this access. | Max 1000 characters. |

Ready to export your data?

Download the pre-formatted Excel workbook with all sheets, field descriptions, and example rows.