SAP Landscape Management uses the user management functions of SAP NetWeaver AS for Java, as provided by the User Management Engine (UME). These functions are as follows:
Roles and groups for Read-Only access, operations, configuration, and overall administration
To define permissions for UME groups on specific pools in the SAP Landscape Management landscape, choose Setup → Authorizations → Operations & Content (or Views)
Pool-based permissions allow more detailed control for each UME group: which operations may be executed, and which views may be viewed.
For more information, see the official documentation at http://help.sap.com/nwlvm.
Configuring Operations and Content
The figure, Configuring Operations and Content, illustrates the following steps:
Select the pool for which you want to define the authorizations.
Select the UME group.
Select the permissions you want to grant for the pool/UME combination.
SAP Landscape Management automatically adds dependent permissions for operations.
The summary step lists the specified information.
Save your data.
For more information, see the official documentation at http://help.sap.com/nwlvm.
Configuring Views
You can restrict the permissions on specific views. The figure, Configuring Views, illustrates the following steps:
Choose Setup → Authorizations → Operations & Content → Views.
Choose Add.
To search for the UME group, use the input help (press F4).
Define the authorizations.
Save your data.
For more information, see the official documentation at http://help.sap.com/nwlvm.
Default Permissions of UME Groups are:
Default Permissions of UME Groups
| UME Group | Role | Description |
|---|---|---|
| LVM_ADMIN | SAP_LVM_ADMIN | Can perform forced operations, manage logs and operations on multiple systems simultaneously, in addition to the actions performed by SAP_LVM_OPERATOR and SAP_LVM_CONFIGURATOR. |
| LVM_READONLY | SAP_LVM_READONLY | Can view the details of instances, hosts, virtual platform elements, pools, networks, and characteristics. |
| LVM_SUPERADMIN | SAP_LVM_SUPERADMIN | Can perform configuration of fine grained object permissions, in addition to the actions performed by SAP_LVM_ADMIN role. |
| LVM_OPERATOR | SAP_LVM_OPERATOR | Can schedule or perform operations on instances and virtual systems, in addition to the actions performed by SAP_LVM_READONLY role. Operator can schedule or perform operations on instances within a single system at a time. |
| LVM_AUTOMATION_EXPERT | SAP_LVM_AUTOMATION_EXPERT | Can execute, schedule and manage operation templates, provisioning templates, and custom processes, in addition to the actions performed by SAP_LVM_OPERATOR role. |
| LVM_CONFIGURATOR | SAP_LVM_CONFIGURATOR | Can add, edit, or import the configuration of instances, hosts, pools, networks, and characteristics, in addition to the actions performed by SAP_LVM_READONLY role. |
| LVM_EXTENDED CONFIGURATOR | SAP_LVM_EXTENDED CONFIGURATOR | Can configure infrastructure settings and SAP Landscape Management settings. |
| ADMINISTRATORS | ADMINISTRATOR |
The table gives an overview of the different UME groups including the assigned role and a description.
For more information, see the official documentation at http://help.sap.com/nwlvm.