Explaining Authorizations in SAP Landscape Management

Objectives

After completing this lesson, you will be able to:

  • Explain authorizations in SAP Landscape Management

Authorization Concept in SAP Landscape Management

SAP Landscape Management uses the user management functions of SAP NetWeaver AS for Java, as provided by the User Management Engine (UME). These functions are as follows:

  • Roles and groups for Read-Only access, operations, configuration, and overall administration

  • To define permissions for UME groups on specific pools in the SAP Landscape Management landscape, choose SetupAuthorizationsOperations & Content (or Views)

  • Pool-based permissions allow more detailed control for each UME group: which operations may be executed, and which views may be viewed.

For more information, see the official documentation at http://help.sap.com/nwlvm.

Configuring Operations and Content

The figure, Configuring Operations and Content, illustrates the following steps:

  1. Select the pool for which you want to define the authorizations.

  2. Select the UME group.

  3. Select the permissions you want to grant for the pool/UME combination.

  4. SAP Landscape Management automatically adds dependent permissions for operations.

  5. The summary step lists the specified information.

  6. Save your data.

For more information, see the official documentation at http://help.sap.com/nwlvm.

Configuring Views

You can restrict the permissions on specific views. The figure, Configuring Views, illustrates the following steps:

  1. Choose SetupAuthorizationsOperations & ContentViews.

  2. Choose Add.

  3. To search for the UME group, use the input help (press F4).

  4. Define the authorizations.

  5. Save your data.

For more information, see the official documentation at http://help.sap.com/nwlvm.

Default Permissions of UME Groups are:

Default Permissions of UME Groups

UME GroupRoleDescription
LVM_ADMINSAP_LVM_ADMINCan perform forced operations, manage logs and operations on multiple systems simultaneously, in addition to the actions performed by SAP_LVM_OPERATOR and SAP_LVM_CONFIGURATOR.
LVM_READONLYSAP_LVM_READONLYCan view the details of instances, hosts, virtual platform elements, pools, networks, and characteristics.
LVM_SUPERADMINSAP_LVM_SUPERADMINCan perform configuration of fine grained object permissions, in addition to the actions performed by SAP_LVM_ADMIN role.
LVM_OPERATORSAP_LVM_OPERATORCan schedule or perform operations on instances and virtual systems, in addition to the actions performed by SAP_LVM_READONLY role. Operator can schedule or perform operations on instances within a single system at a time.
LVM_AUTOMATION_EXPERTSAP_LVM_AUTOMATION_EXPERTCan execute, schedule and manage operation templates, provisioning templates, and custom processes, in addition to the actions performed by SAP_LVM_OPERATOR role.
LVM_CONFIGURATORSAP_LVM_CONFIGURATORCan add, edit, or import the configuration of instances, hosts, pools, networks, and characteristics, in addition to the actions performed by SAP_LVM_READONLY role.
LVM_EXTENDED CONFIGURATORSAP_LVM_EXTENDED CONFIGURATORCan configure infrastructure settings and SAP Landscape Management settings.
ADMINISTRATORSADMINISTRATOR 

The table gives an overview of the different UME groups including the assigned role and a description.

For more information, see the official documentation at http://help.sap.com/nwlvm.

Change Authorizations

Business Scenario

Within an organization, several different groups need special authorizations to do their work. In this SAP Landscape Management system, the Advanced Authorization has been configured to grant these groups with the authorizations they require for their work. The Advanced Authorization section works on top of the User Management Engine (UME) of SAP NetWeaver Application Server Java.

Exercise Options

You can perform this exercise in two ways:

  1. Start the exercise. From the entry screen, choose Start Tutorial to watch the simulation.
  2. Start the exercise. From the entry screen, choose Open PDF Document. This document contains all required steps to perform this exercise in your own system.

Log in to track your progress & complete quizzes