Recognising the need to manage users identity in many locations - multiple ABAP based systems, java systems and directory servers, SAP purchased Maxware and have launch their product set as SAP Netweaver Identity Management.
So what does this mean for mean? Well in short from the entry of a record in a csv file, a directory server, an SAP system or a database, you can trigger the provisioning (creating users) and deprovisioning (removing or delimiting) users access anywhere you need to in an SAP and non SAP landscape.
You can define a set of business based roles, which contain an number of system privileges. A privilege is another word for technical role in the controlled systems. So a Warehouse Manager business role would get the privileges "Email Access in exchange", "Network Logon in AD", "Z_WM_MGR_ALL" and "Z_WM_OPERATOR" in R/3 and "Z_ALL_EMPLOYEES" and "Z_TEAM_LEADER" is the ESS/MSS system, plus a user in SunOne, the LDAP used for the portal to allow them to log on.
The starting point on the SAP Service Marketplace for SAP Netweaver