Authorization Object S_ICF_ADM
Definition
This object includes authorization checks for accessing individual virtual hosts, services, and aliases in the Internet Communication Framework.
Use
You can use this authorization object to restrict administration access to various elements of the Internet Communication Framework. You can apply these restrictions to virtual hosts, services (service nodes), and aliases.
Structure
Authorization Object S_ICF_ADM
| Field | Meaning | Values |
|---|---|---|
| ACTVT | Activity | 01: Create; 02: Change; 03: Display; 06: Delete; 07: Activation |
| ICF_HOST | Virtual host | <Name of the virtual host> |
| ICF_NODE | GUID (BC-ABA) of an ICF service or alias | <GUID of the service or the parent node> |
| ICF_TYPE | ICF element | Alias (external alias); Host (virtual host); Node (service, internal alias) |
Integration
Since virtual hosts, services, internal aliases, and external aliases are organized in a hierarchical structure, you can specify the authorizations for creating and editing individual elements at different levels. You can grant an authorization for a specific element or for a higher-level node. Granting the authorization for a higher-level node allows the user to maintain all elements below that node.
You specify either the element's NODGUID or the element's PARGUID as the value of the particular element. The NODGUID is the GUID (BC-ABA) of the node itself; the PARGUID is the GUID of the direct parent node or a higher node.
Virtual Host (ICF_HOST)
Here you specify the name of the virtual host that you want to create or under which you want to create a service or alias.
Service, Internal Alias, or External Alias (ICF_NODE)
Here you specify either the NODGUID of the specific service or the PARGUID (the NODGUID of the parent node).
ICF Element Type (ICF_TYPE)
Here you can select the ICF elements (virtual host, service/internal alias, external alias) you want the authorization to apply to.
Example
You want to grant a user the authorization to create, change, and delete services on the host myhost and under the path /sap/bc. To do this, you need to specify the following:
|  | PARGUID | NODGUID |
|---|---|---|
| myhost | 00815 | 00816 |
| sap | 00816 | 00817 |
| bc | 00817 | 00818 |
| service_new | 00818 | 00819 (This service needs to be created; the NODGUID is unknown until this service exists.) |
- The user wants to create a new host (myhost). The user also wants to be able to change and delete this host.

| ACTVT | ICF_HOST | ICF_TYPE |
|---|---|---|
| 01, 02, 03 | myhost | Host |
- The user wants to create a new service (service_new) (the NODGUID of the new service is not yet known):

| ACTVT | ICF_HOST | ICF_NODE | ICF_TYPE |
|---|---|---|---|
| 01 | myhost | 00818 | Node |
- The new service (service_new) has been created. The user must only be allowed to change or delete this service.

| ACTVT | ICF_HOST | ICF_NODE | ICF_TYPE |
|---|---|---|---|
| 02, 06 | myhost | 00819 | Node |
- If you want to allow the user to change and delete any services under /sap/bc, enter the NODGUID of bc (here, 00818) instead of 00819:

| ACTVT | ICF_HOST | ICF_NODE | ICF_TYPE |
|---|---|---|---|
| 02, 06 | myhost | 00818 | Node |
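
When reviewing a role, it helps to see which elements a given ICF_NODE value actually reaches. The following Python sketch is an added example, not SAP code: it models the NODGUID/PARGUID rule from the Integration section using the sample GUIDs above. The node `other` (00820) and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample tree from the example table: name -> (PARGUID, NODGUID).
# "other" (00820) is a constructed sibling of bc, added to show what is NOT covered.
HOST = "myhost"
TREE = {
    "myhost":      ("00815", "00816"),
    "sap":         ("00816", "00817"),
    "bc":          ("00817", "00818"),
    "service_new": ("00818", "00819"),
    "other":       ("00817", "00820"),
}
PARENT = {nod: par for par, nod in TREE.values()}  # NODGUID -> PARGUID

@dataclass
class Auth:
    actvt: set          # e.g. {"02", "06"}
    icf_host: str
    icf_type: str       # "Host", "Node" or "Alias"
    icf_node: str = ""  # not used when icf_type is "Host"

def guid_chain(guid):
    """The GUID itself followed by the GUIDs of all higher nodes."""
    chain = [guid]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain

def is_allowed(auths, actvt, host, icf_type, nodguid=None, parguid=None):
    """Model of the check. For a create the NODGUID does not exist yet,
    so the caller passes the PARGUID of the element to be created."""
    chain = guid_chain(nodguid if nodguid is not None else parguid)
    for a in auths:
        if actvt in a.actvt and a.icf_host == host and a.icf_type == icf_type:
            if icf_type == "Host" or a.icf_node in chain:
                return True
    return False

def covered(auth, actvt):
    """Names of existing services in TREE that this one authorization reaches."""
    return [name for name, (_, nod) in TREE.items()
            if name != HOST
            and is_allowed([auth], actvt, HOST, "Node", nodguid=nod)]
```

Under this model, the value 00818 reaches bc itself as well as service_new, because 00818 is the NODGUID of bc and the PARGUID of service_new, whereas 00819 reaches service_new only. The higher in the tree the GUID you enter, the more services the authorization covers.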