Security Authorizations in SolMan / ChaRM

Similar Messages

• Documentation for SolMan / ChaRM Security Rolls / Authorizations

  Good Day;
  I am currently setting up all the roles / authorizations for the different areas within Solution Manager / ChaRM.
  I have been looking for a u201Cdetailedu201D document on all the security authorizations for Solution Manager / ChaRM. So far the only document I am able to find is the Security Guide for SAP Solution Manager 4.0 as of SP 15.
  If there are more detailed documents, would someone point me in the right direction.
  Regards
  Don

  Thanks Roel;
  I am looking at user role authorizations.
  The first thing I want to setup is the Team leader roles.
  I need the team leader to have the ability to do the following
  1.Create Issues
  2.Create change requests
  3.Change the status of a change request to u201CIn Developmentu201D
  4.Create transports and tasks
  5.Release transports
  The Team leader will not have the authorization to u201Capprove u201C change requestsu201D 
  Thanks Again
  Regards
  Don

• Best Approach to create Security / Authorization Schema for an APEX Apps

  Hi,
  I am planning to create a Security / Authorization Schema for an APEX Application.
  Just want to know what is the best approach to create the security feature in APEX, so that it should be re-used in other APEXApplications too..
  I am looking for following features...
  1. users LOGIN and then user's name is stored in APEX_USER...
  2. Based on the user, I want to restrict the Application on following levels.
  - TABS
  - TABS - Page1 (Report
  - Page2 (Form)
  - Page2 (Region1)
  - Page2 (Region1, Button1)
  - Page2 (Region1, Items,....)
  AND so on.....basically depending on user....he will have access to certain TABS, Pages, Regions, Buttons, Items...
  I know, we have to create the Authorization Schema for this and then attach these Authorization Schema to the different Level we want.
  My Question is, what should be the TABLE structure to capture these info for each user...where we will say...this USER will have following access...AND then we create Authorization Schema from this table...
  Also what should be the FRONT end, we should have to enter these detail...
  SO, wondering, lot of people may already have implemented this feature....so if guys can provide the BEST Approach (re-usable for other APEX Application)....that will be really nice..
  Thanks,
  Deepak

  Hi Raghu,
  thanks for the detial info.
  so that means..I should have 2 table...
  master table (2 columns - username, password)
          username    password
     user1       xxxx
     user2       xxxx2nd table (2 columns - username, chq_disp_option)
  - In this table, we don't have Y/N Flag you mentioned..
  - If we have to enter all the regions/tabs/pages in the Applications here or just those regions/tabs/pages for which are conditionally diaplayed.
  - so that means in all the Pages/Regions/tabs/items in the entire Application, we have to call the Conditionally display..
  - suppose we have 3 tabs, 5 pages, 6 regions, 15 items..that means in this table we have to enter (3+5+6+15) = 29 records for each individual users..
            username    chq_disp_option
     user1       re_region1
     user1       re_region2
     user1       tb_main
     user1       Page1
     user1       Page5
     ----        ----     - how you are defining unique name for Regions..i mean in static ID or the Title
  - is the unique name for tab & item is same as the TAB_NAME (T_HOME) & Item Name (P1_ITEM1) or you are defining somewhere else.
  Thanks,
  Deepak

• Using SolMAn / ChaRm for upgrade to ECC6

  Good Day;
  We are planning on using SolMan / ChaRm for our upgrade from 4.6C to ECC6 and I am wondering if it would be possible to do the following
    Upgrade a development system to ECC6.
    Define 2 virtual ECC6 Systems, 1 for the QA system and 1 for the production system
    Create a project that contains all the business processes and has the above landscape assigned. This project does not have ChaRM active.
    Create a maintenance cycle with the above landscape attached and ChaRM active.
  As we upgrade the real QA and production systems to ECC6, we want to u201Cflip outu201D the virtual systems for the u201Crealu201D ECC6 systems.
  Does anyone have any input in this type of plan?
  Regards
  Don

  Good Day;
  We are planning on using SolMan / ChaRm for our upgrade from 4.6C to ECC6 and I am wondering if it would be possible to do the following
    Upgrade a development system to ECC6.
    Define 2 virtual ECC6 Systems, 1 for the QA system and 1 for the production system
    Create a project that contains all the business processes and has the above landscape assigned. This project does not have ChaRM active.
    Create a maintenance cycle with the above landscape attached and ChaRM active.
  As we upgrade the real QA and production systems to ECC6, we want to u201Cflip outu201D the virtual systems for the u201Crealu201D ECC6 systems.
  Does anyone have any input in this type of plan?
  Regards
  Don

• SolMan ChaRM - System landscape not ready yet

  Hi all,
  We are configuring ChaRM for an implementation use, therefore all the systems are not set up yet.
  Is it possible in SolMan to define logical component without "real" systems ?
  We saw that in STMS it was possible to create virtual systems, but how do we link these virtual systems to SolMan ChaRM ?
  Is it possible to define a virtual system landscape and to build and configure ChaRM scenario with this ?
  Thanks a lot for all your help,
  Regards.

  Yes, it is possible to define a development system and virtual systems (Q- and P-System).
  Via transaction SMSY you can describe the planned Q- and P-System at first as 'virtual'.
  Create transport routes with transport buffers as you would do for existing systems.
  Define the buffers as they should be named in future.
  For experimental purposes we connected our IDES-System to our development SolMan system.
  In this environment we could map such a ChaRM-configuration.
  In the meantime we practiced it in our production SolMan system, too.
  Best regards
  Horst

• BW Security/Authorizations

  Hi,
  I am new in the BW authorizations.Where can I find documetation about BW's Security/authorizations?
  please free to forward documents to my mail id
  xxx
  Thanks&Regards
  vamsi
  Message was edited by:
          Frank Koehntopp

  hi Vamsi,
  take a look
  http://help.sap.com/saphelp_bw33/helpdata/en/be/076f3b6c980c3be10000000a11402f/frameset.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/39f29890-0201-0010-1197-f0ed3a0d279f
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be
  hope this helps.

• Timeout parameter in SolMan-ChaRM

  Hi,
  I need to know the parameter which decides the timeout for tcode SM_CRM in SolMan 7.1
  the ABAP gui closes after about 5 mins of inactivity whereas the web browser of tcode SM_CRM remains open for long time(about 1 hour)
  What are the parameters which decide these timeouts for both ABAP gui as well as web browser in SolMan Charm System.
  The reason behind the need to know this is the java threads in our systems are all getting consumed resulting in JAVA stack getting crashed.
  We suspect the SM_CRM is the culprit as it remains open for long time and this tcode is being used widely in our project.
  OS : AIX
  DB : oracle
  -Ujjwal

  Assuming you are talking about the timeout value for the web interface, it is in the {installdir}/ocas/conf/ocwc.conf file. The parameter you want to change is ssn_timeout. I believe you will need to restart ocas to make it effective.

• JDev11 R.1. ADF Security Authorization

  Hi,
  I would like to know if it might be possible to use authenticatication via RDBMS authentication provider of Weblogic App. Server and ADF Security Authorization together in a JDev 11 application?. I am reading documentation and it says that; 'ADF Security relies on the jazn-data.xml file for the policy store whether you are using the XML-based identity store or the LDAP identity store. One could define roles and its access rights in jazn-data.xml and might expect authentication and isUserInRole services coming from the authentication service without defining users (role members) at design time. Is it or will it be possible in future?
  Best Regards.

  Hi
  I think it is too early and I don't know if they will ever build this. ( because they also have to support other app servers). Is RDBMS authentication provider of Weblogic App. Server a JAAS implementation?
  in TP4 you had a db login module , don't know if this is supported in 11g production.
  jps-config.xml
  <serviceInstance provider="jaas.login.provider" name="testlogin">
  <description>Sample LoginModule</description>
  <property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule" name="loginModuleClassName"/>
  <property value="REQUIRED" name="jaas.login.controlFlag"/>
  <property value="ovs_user" name="table"/>
  <property value="jdbc/OVSDS" name="data_source_name"/>
  <property value="role_name" name="groupMembershipGroupFieldName"/>
  <property value="password" name="passwordField"/>
  <property value="ovs_user_role_view" name="groupMembershipTableName"/>
  <property value="role_name" name="usernameField"/>
  <property value="role_name" name="pw_encoding_class"/>
  <property value="oracle.security.jazn.login.module.db.util.DBLoginModuleMD5Encoder" name="groupMembershipGroupFieldName"/>
  </serviceInstance>
  <serviceInstance provider="jaas.login.provider" name="oracledb.loginmodule">
  <property value="true" name="debug"/>
  <property value="true" name="addAllRoles"/>
  <property value="passwd" name="passwordField"/>
  <property value="role_name" name="groupMembershipGroupFieldName"/>
  <property value="jdbc/authschemaDS" name="data_source_name"/>
  <property value="REQUIRED" name="jaas.login.controlFlag"/>
  <property value="application_roles" name="groupMembershipTableName"/>
  <property value="oracle.security.jazn.login.module.db.DBTableOraDataSourceLoginModule" name="loginModuleClassName"/>
  <property value="FINEST" name="log.level"/>
  <property value="username" name="usernameField"/>
  <property value="application_users" name="table"/>
  <property value="username" name="user_pk_column"/>
  <property value="username" name="roles_fk_column"/>
  <property value="tolower" name="casing"/>
  <property value="oracle.security.jazn.login.module.db.util.DBLoginModuleClearTextEncoder" name="pw_encoding_class"/>
  </serviceInstance>
  thanks Edwin
  Edited by: biemond on Oct 19, 2008 10:50 AM

• SolMan ChaRM for NW BPC 10 and BOBJ?

  I am looking to find whether BOBJ and NW BPC 10 can be integrated into SolMan ChaRM. Do you have any experience/documentation?
  Thank you!

  Hi loanna
  have u checked these documents
  http://scn.sap.com/docs/DOC-28446
  http://scn.sap.com/people/robin.haettich/blog/2011/08/19/sap-change-and-transport-system-for-sap-business-planning-and-consolidation-version-for-microsoft-platform
  http://scn.sap.com/people/dolores.correa/blog/2009/06/05/cts-configuration-in-solution-manager-70-ehp1
  http://scn.sap.com/people/dolores.correa/blog/2008/07/26/first-steps-to-work-with-change-request-management-scenario
  My Blogs
  http://scn.sap.com/docs/DOC-44166
  http://scn.sap.com/docs/DOC-46528
  once  you have configured your Change and Transport System which is a base for ChaRM you can configure it further with project creation and activation with logical components
  let me know if u have more queries
  regards
  Prakhar

• Role base security & authorization

  hi,
       i want the details about Role based security & authorization for all objects in reporting and the T.codes related to security & authorization (like RSSM ....).
  plz help me with any document and security manual

  Hi,
  I hope search inthese forums would definately hep you.
  My previous postings on the Data level security at the Reporting side:
  https://forums.sdn.sap.com/click.jspa?searchID=966335&messageID=2940809.
  https://forums.sdn.sap.com/click.jspa?searchID=966335&messageID=2783106
  And take a loook on the links:
  https://websmp107.sap-ag.de/~sapidb/011000358700000274062002
  https://websmp107.sap-ag.de/~sapidb/011000358700000972382004
  With rgds,
  Anil Kumar Sharma .P
  Message was edited by:
          Anil Kumar Sharma

• Is transport possible w/o implementing Solman Charm

  Is transport in satellite system can be managed by solman w/o implementing Solman Charm? If so then how..it can be activated. Thanks in advance for your help.

  Hello Dhananjay,
  Are you refering to TMS, started with transaction STMS?
  That is actually Basis.
  However what you might be looking for is CTS+ (Change and Transport System) that can be intergrated with ChaRM, but doesn't need to be.
  HEre is a link to best practices for implementing CTS+: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10456aac-44f7-2a10-1fbe-8b7bcd7bcd58?quicklink=index&overridelayout=true
  And here is a link to configuring CTS+ in Solution Manager : /people/dolores.correa/blog/2009/06/05/cts-configuration-in-solution-manager-70-ehp1
  Hope this helps you out.
  Regards,
  Paul

• Security Authorizations for IDOC

  can anybody explai me following.
  Roles and responsibility wrt the Security Authorizations the user should have to process the IDOCs at the receiving end and also the monitoring the IDOCs
  Regards,
  Rahul

  Hi Shesha,
  I presume you have the SAP Integration kit intalled and configured, and imported the BW roles in the CMC... you are also login with the SAP user account (User1, User2). This would be a base requirement to make this work.
  In your OLAP universe, you need to set the connection properties of the connection to. Select Use Single Sign On when refreshing reports at view time to allow the user to benefit from SAP SSO.
  You have currently used User1 for the connection and saved the universe with this user id, thus, when the connection is made to BW, it is User1 with its role permissions accessing the data, even if you are logged on as User2, User1 is being authenticated.
  Hope this helps
  Jacques

• Page 0 security: authorization scheme not applied to other pages

  the page 0 security: authorization scheme not applied to other pages (neither as an override for existing pages nor as a default for new pages).
  how is this intended to work?

  mcstock,
  Can you clarify your question please? Can you give specific steps to reproduce this issue that you are inquiring about?
  Thanks.
  Joel

• Which authorizations for solman user in monitored system?

  We need to know what auths/profiles/roles are reqd in the active client of the ECC system for the solman user so that EWA, Sys Moni and Central System Admin can be done.
  I know one:
  1.     Custom Role u201CZ_SAP_RFC_SM_CONFIGu201D (with authorizations S_RFC and S_RFCACL)
  Can someone please list the roles/profiles or a link where I can get this?
  Thanks
  Prasad

  Hi
  Check the [security guide|https://websmp201.sap-ag.de/~sapidb/011000358700000370562009E.PDF] in page number 85 to 87.
  Hope this helps you
  regards
  Naveen kumar

• ADF Security Authorization

  As it's written in Oracle® Application Development Framework Developer’s Guide For Forms/4GL Developers B25947-01 I created file adf-config.xml file like this
  <?xml version="1.0" encoding="windows-1252" ?>
  <adf-config xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation=" http://xmlns.oracle.com/adf/config
  ../../../../../bc4jrt/src/oracle/adf/share/config/schema/config.xsd"
  xmlns=" http://xmlns.oracle.com/adf/config "
  xmlns:sec=" http://xmlns.oracle.com/adf/security/config ">
  <sec:adf-config-child xmlns=" http://xmlns.oracle.com/adf/security/config ">
  <JaasSecurityContext
       initialContextFactoryClass="oracle.adf.share.security.JAASInitialContextFactory"
       authorizationEnforce="true"
       jaasProviderClass="oracle.adf.share.security.providers.jazn.JAZNSecurity Context" >
  </JaasSecurityContext>
  </sec:adf-config-child>
  </adf-config>
  Assigned permissions to my roles in Authorization editior on iterators etc.. But it did get any effect.
  All roles have full access to iterators!
  ADFContext.getCurrent().getSecurityContext().isAuthorizationEnabled() returns false

  Hi,
  here's the adf-config file from my woking app
  <?xml version="1.0" encoding="windows-1252" ?>
  <adf-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.oracle.com/adf/config ../../../../../bc4jrt/src/oracle/adf/share/config/schema/config.xsd"
  xmlns="http://xmlns.oracle.com/adf/config"
  xmlns:sec="http://xmlns.oracle.com/adf/security/config">
  <sec:adf-config-child xmlns="http://xmlns.oracle.com/adf/security/config">
  <JaasSecurityContext initialContextFactoryClass="oracle.adf.share.security.JAASInitialContextFactory"
  jaasProviderClass="oracle.adf.share.security.providers.jazn.JAZNSecurityContext"
  authorizationEnforce="true"/>
  </sec:adf-config-child>
  </adf-config>
  Note that I don't use debug but run it from JDeveloper and the security settings are enforced. Did you set up the web.xml file - in other words, are you able to authenticate?
  Frank