Setting Authorization Permissions for Operations and Content

You set authorization permissions to restrict operations and content for several user groups.

Prerequisites

You are logged on as Administrator.
Before you can set authorization permissions, you must enable this function. You have the following options:
- You have selected the Enable SAP Landscape Management authorization configuration checkbox during the configuration of SAP Landscape Management in the SAP NetWeaver Administrator.
- You have selected the Advanced Authorization Mode checkbox during the configuration of the engine settings in SAP Landscape Management.
  
  For more information, see Configuring Security Settings.
You have selected the Content Restriction Mode checkbox during the configuration of the engine settings in SAP Landscape Management.

Procedure

Choose Setup Authorizations Operations & Content.
Choose Add.
A workflow appears showing the major steps involved in setting authorization permissions.
Navigate through the following steps with the Previous and Next button or choose a step in the workflow.
1. Pools step
  
  Select the required pool that is created in the User Management Engine (UME) or, if required, Other Permissions.
  You use Other Permissions for permissions that are not directly related to a pool. This includes the following permissions:
  - Pool configuration
  - Characteristics configuration
  - Infrastructure configuration
2. UME Groups step
  
  Select one or more UME groups to assign them to the pool.
  
  To create UME groups in Identity Management, choose Create UME Groups.
3. Pool/UME Group Combinations step
  
  Select one or more combinations for which you want to assign the permissions.
4. Permissions step
  
  Select the required permissions that need to be set for the selected combinations.
  Note
  - The permission Instance Configuration includes the permission to assign systems to another pool.
  - The permission System Destroy includes the permission to delete volumes that are not related to the system.
  Note Only the permissions that are relevant for performing operations at the pool level are used in setting the authorization among the rest of the UME permissions. To control the behavior of the SAP Landscape Management authorizations, you need to enable the restrictive behavior of the SAP Landscape Management authorization configuration. You have the following options:
  - Select the Enable Restrictive behavior of SAP Landscape Management authorization configuration checkbox accordingly when you configure SAP Landscape Management in the SAP NetWeaver Administrator.
  - Select the Restrictive Mode checkbox when configuring the engine settings for SAP Landscape Management.
  If the restrictive behavior is enabled and if there are no SAP Landscape Management authorization configuration entries for a given pool, then no operations or configurations can be performed on this pool. If the restrictive behavior is not enabled and if there are no SAP Landscape Management authorization configuration entries for a given pool, then operations or configurations can be performed on this pool based on the UME permissions.
5. Summary step
  
  The Summary step lists all of the information you have specified in the previous steps.
Save your entries.