description | page_type | products | urlFragment | languages | |||
---|---|---|---|---|---|---|---|
The Microsoft Azure Storage Account can now be used as a ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the <a href='https://www.sap.com'> SAP Help Portal </a>. |
sample |
|
sap-ilm-store |
|
The Microsoft Azure Storage Account can now be used as a ILM Store to persist the Archive files and attachments from an SAP ILM system. An ILM Store is a component which fulfills the requirements of SAP ILM compliant storage systems. One can store archive files in a storage media using WebDAV interface standards while making use of SAP ILM Retention Management rules. For more information about SAP ILM Store, refer to the SAP Help Portal .
The following steps are executed as a part of this Quickstart Template:
- Deployment of a Microsoft Azure Storage Account
- Using an existing Built-in (or Custom) Role or creation of a new Custom Role for restricting access to the Microsoft Azure Storage Account
- Assignment of the identified Role to a Microsoft Azure Active Directory Application
You can decide to either use an existing Role definition or create a new custom Role Definition using this parameter.
To use an existing Role definition, use the parameter "Role ID of an existing Role" to provide the corresponding Role ID. Refer to the next section to find out how to fetch the value.
To create a new custom Role, use the parameter "Name for a new Custom Role" to provide a name for a new Custom Role Definition.
Run the following command to get the Role ID for an existing Role Definition. Replace role-name
with the name of an existing Role Definition. This role would be assigned to the Service Principal which is used to access the Microsoft Azure Storage Account.
PowerShell: (Get-AzRoleDefinition -Name "role-name").Id
Command Line: az role definition list --name "role-name" --query "[].name" --output tsv
Ensure that you provide a new and unique value for this parameter.
Run the following command to get the Principal ID of an Azure Active Directory Application. Replace name-of-service-principal
with the name of an Azure Active Directory Application. This application will enable the SAP ILM access to the Microsoft Azure Storage Account.
PowerShell: (Get-AzADServicePrincipal -DisplayName "name-of-service-principal").Id
Command Line: az ad sp list --display-name "name-of-service-principal" --query "[].objectId" --output tsv
Click the button at the beginning of this document.
For deployment errors raised with Azure Resource Manager, refer to Troubleshoot common Azure deployment errors with Azure Resource Manager.
Some of the errors are listed below:
Error code: RoleScopeBeingRemovedContainsAssignments
- Error Description:
Role assignments found under scope '/subscriptions/<<value>>/resourcegroups/<<value>>' which is being removed. Removing this scope from the role will orphan these assignments. Delete these assignments before removing the scope
- Deployment phase: Deployment
- Details: The name of the Custom Role provided for the parameter "Name for a new Custom Role" may already be in use.
- Solution: Select a new and unique value for this parameter and try again.
Error code: InvalidPrincipalId
- Error Description:
A valid principal ID must be provided for role assignment
- Deployment phase: Deployment
- Details: The Principal Id provided for the parameter "Principal ID of the Azure AD App" may be incorrect.
- Solution: Refer to the Prerequisites section above to determine the correct value for this parameter.
The scripts are provided as-is without warranty of any kind, either expressed or implied, including any implied warranties of fitness for a particular purpose, mechantability, or non-infringement.
Tags: SAP, Information Lifecycle Magagement, ILM, Store, Microsoft.Storage/storageAccounts, Microsoft.Authorization/roleDefinitions, customRole, Microsoft.Authorization/roleAssignments, Microsoft.ManagedIdentity/userAssignedIdentities