SAP Landscape Management 3.0, Enterprise Edition

Configuring Security Settings

You use this procedure to specify the general security settings.

Prerequisites

  • When using an ABAP system or LDAP as the backend for user management, use a local user of the SAP NetWeaver Java engine to perform the configuration. Otherwise, the jobs stop working if the user backend is unavailable.

  • You have the authorization to configure engine settings.

    For more information, see Standard Permissions.

Procedure

  1. Choose Start of the navigation pathSetup Next navigation step SettingsEnd of the navigation path.
  2. Choose Expert Mode.
  3. On the Engine tab, choose Edit.
  4. Specify your general security settings.

    Field

    Default Value

    Possible Values

    Description

    Default User Name for Host Agents

    sapadm

    Valid SAP Host Agent user name.

    Default SAP Host Agent user name. When you select the Use Default Credentials checkbox during host configuration, this user name is entered by default.

    This default user name can be overwritten if the checkbox Allow Configuration of Credentials Individually per Host Agent is selected.

    Password of Default User Name for Host Agents

    None

    Valid SAP Host Agent password.

    Password of the Default User Name for Host Agents. When you select the Use Default Credentials checkbox during host configuration, this password is entered by default.

    Instance Agent User Pattern [<sid> or <SID>]

    <sid>adm

    Valid instance agent user pattern.

    Default pattern for the instance agent user. On Windows, you might have to add the domain.

    This default pattern can be overwritten on the detection screen.

    Default Instance Agent Password for Detection

    None

    Valid instance agent password.

    Default password for authentication on the instance agent.

    This password can be overwritten on the detection screen.

    For more information, see SAP Note 927637 Information published on SAP site.

    Allow Configuration of Credentials Individually per Host Agent

    Checkbox deselected

    Checkbox selected

    Checkbox deselected

    To specify an SAP Host Agent-specific user name and password or X.509 certificates for any host in the host configuration, select this checkbox.

    If this checkbox is selected, these specific credentials overwrite the default credentials for SAP Host Agents.

    Allow Configuration of Credentials Individually per Instance Agent

    Checkbox deselected

    Checkbox selected

    Checkbox deselected

    To define an instance agent-specific user name and password or X.509 certificates for any instance monitored by an instance agent, select this checkbox.

    Ignore SSL Server Certificates for Host Agents

    Checkbox selected

    Checkbox selected

    Checkbox deselected

    To ignore server certificates of SAP Host Agents during the SSL handshake, keep this checkbox selected.

    To verify the server certificate of SAP Host Agents during the SSL handshake, deselect this checkbox. The connection will only be established if the common name of the certificate matches the configured host name and the server certificate or the certificate of the CA is present in the 'LVMView' of the keystore.

    Ignore SSL Server Certificates for Instance Agents

    Checkbox selected

    Checkbox selected

    Checkbox deselected

    To ignore server certificates of instance agents during the SSL handshake, keep this checkbox selected.

    To verify server certificates of instance agents during the SSL handshake, deselect this checkbox. The connection will only be established if the common name of the certificate matches the configured host name and the server certificate or the certificate of the CA is present in the 'LVMView' of the keystore.

    Ignore SSL Server Certificates for Custom Web Services

    Checkbox selected

    Checkbox selected

    Checkbox deselected

    To ignore server certificates of custom web services during the SSL handshake, keep this checkbox selected.

    To verify the server certificate of custom web services during the SSL handshake, deselect this checkbox. The connection will only be established if the common name of the certificate matches the configured host name and the server certificate or the certificate of the CA is present in the 'LVMView' of the keystore.

    Require additional security token for automated configuration

    Checkbox selected

    Checkbox selected

    Checkbox deselected

    		 Servlet operations are secured against Cross-Site Request Forgery (CSRF). To request a token whenever servlets are called to export or import configuration data, keep the checkbox selected.

    For more information, see SAP Note 1752385 Information published on SAP site.

    Skip Authorization Checks for Operations within Custom Processes

    Checkbox deselected

    Checkbox selected

    Checkbox deselected

    To skip the authorization checks for operations within a custom process, select this checkbox.

    Advanced Authorization Mode

    Checkbox deselected

    Checkbox selected

    Checkbox deselected
    To enable the advanced authorization mode, select this checkbox. You can then enable the following:

    • Restrictive Mode

    • Content restriction mode

    • View restriction mode

    Restrictive Mode

    Checkbox deselected

    Checkbox selected

    Checkbox deselected

    If this checkbox is selected, authorization permissions for operations, content, and views are restricted for several user groups as defined under Start of the navigation pathSetup Next navigation step AuthorizationsEnd of the navigation path.

    Content restriction mode

    Checkbox deselected

    Checkbox selected

    Checkbox deselected

    To set authorization permissions to restrict operations and content for several user groups, select this checkbox.

    If the restrictive behavior is enabled and if there are no SAP Landscape Management authorization configuration entries for a given pool, then no operations or configurations can be performed on this pool. If the restrictive behavior is not enabled and if there are no SAP Landscape Management authorization configuration entries for a given pool, then operations or configurations can be performed on this pool based on the UME permissions.

    View restriction mode

    Checkbox deselected

    Checkbox selected

    Checkbox deselected

    To set authorization permissions for views to restrict the screen complexity for several user groups, select this checkbox.

    Default Encryption Password

    None

    Valid encryption password

    Default password used for encryption when calling servlets to export or import configuration data and scheduling the periodic synchronization of the SAP Landscape Management configuration.

  5. Save your entries.

Results

The following SAP Landscape Management jobs are rescheduled using the current user:

  • LVM_Job_ProcessExecutor

  • LVM_Job_ProcessCleaner

You can review the status of the jobs and the scheduling user in the SAP NetWeaver Administrator tool Java Scheduler.

Related Information