You set authorization permissions to restrict operations and content for several user
groups.
Prerequisites
You are logged on as Administrator.
Before you can set authorization permissions, you must enable this function. You
have the following options:
You have selected the Enable SAP Landscape Management
authorization configuration checkbox during the configuration
of SAP Landscape Management in
the SAP NetWeaver
Administrator.
You have selected the Advanced Authorization Mode
checkbox during the configuration of the engine settings in SAP Landscape Management .
For more information, see Configuring Security Settings .
You have selected the Content Restriction Mode checkbox
during the configuration of the engine settings in SAP Landscape Management .
Procedure
Choose .
Choose
Add .
A workflow appears showing the major steps involved in setting authorization
permissions.
Navigate through the following steps with the Previous and
Next button or choose a step in the workflow.
Pools step
Select the required pool that is created in the User Management Engine (UME)
or, if required, Other Permissions .
You use
Other Permissions for permissions that are
not directly related to a pool. This includes the following permissions:
UME Groups step
Select one or more UME groups to assign them to the pool.
To create UME groups in Identity Management, choose Create UME
Groups .
Pool/UME Group Combinations step
Select one or more combinations for which you want to assign the
permissions.
Permissions step
Select the required permissions that need to be set for the selected
combinations.
Note
The permission Instance Configuration
includes the permission to assign systems to another pool.
The permission System Destroy includes the
permission to delete volumes that are not related to the
system.
Note Only the permissions that are relevant for performing operations at the pool level are used in setting the authorization
among the rest of the UME
permissions.
To control the behavior of the SAP Landscape Management authorizations, you need
to enable the restrictive behavior of the SAP Landscape Management authorization
configuration. You have the following options:
Select the Enable Restrictive behavior of SAP Landscape Management authorization configuration
checkbox accordingly when you configure SAP Landscape Management in the
SAP NetWeaver Administrator.
Select the Restrictive Mode checkbox when configuring the engine settings for SAP Landscape Management .
If the restrictive behavior is enabled and if there are no SAP Landscape Management authorization configuration entries for a given pool, then
no operations or configurations can be performed on this pool. If the restrictive behavior is not enabled and if there are
no
SAP Landscape Management authorization configuration entries for a given pool,
then operations or configurations can be performed on this pool based on the UME permissions.
Summary step
The Summary step lists all of the information you
have specified in the previous steps.
Save your entries.