Defining Authorizations

Use

You can define and edit authorizations for access to objects in the Integration Directory. You can either define authorizations for all objects in the Integration Directory, or for objects of a particular folder.

With an authorization, you define one or more permitted actions for a selection of users. A selection of users can be defined by one single user, a group, or a role.

When accessing an object, the system first checks the authorizations for the folder in which the object is located. If no authorizations are defined, the default setting takes effect.

You can define that authorizations are inherited by underlying folders.

Prerequisites

When defining authorizations, you access users, roles, and groups from the assigned user management.
You have activated the required configuration parameter (depends on installation option):
- Dual-Stack Installation: You have activated the following exchange profile parameter: com.sap.aii.ib.server.acl.enable.
- Advanced Adapter Engine Extended: You have activated the following Java system property of service XPI Service: AII Config Service: com.sap.aii.ib.server.acl.enable.
You have the execute the following configuration steps to be able to assign enhanced actions to ACLs:
1. Call SAP NetWeaver Administrator.
2. On the Configurationtab page, choose Scenarios Configuration Wizard.
3. Choose All Configuration Tasksand search for Configure Advanced Authorization(under Find).
4. Execute the configuration step.

Procedure

Editing Default Settings for Authorizations

You can define a default setting for authorizations that are then applied to all objects that no explicit authorizations have been defined for.

In the Integration Builder main menu choose Tools Default Settings for Authorizations.
Edit the authorizations that you want to define as the default setting. To do this, proceed as described below under Defining Authorizations.

For the default settings you can also define which user or group is to be get authorization to import and export objects.

Defining Authorizations

Choose the folder view in the navigation area of the Integration Directory.
Position the cursor on the folder for which you want to edit the authorizations.
In the context menu, choose Edit Authorizations.
To create a new authorization, add a new line to the table.
In the Typecolumn, enter whether you want to specify the authorization for a user, group, or role.

Recommendation

We recommend that you define authorizations for users or groups. You can also define authorizations for roles in the Integration Directory. If the necessary authorizations are missing for the role in the Default User Management, then the authorizations defined in the Integration Directory do not take effect in the correct way. For example, it does not make sense to assign write authorization to a role with display authorization in the Integration Directory.
In the Namecolumn, select the name of the user, group, or role.
In the Actionscolumn, enter the permitted actions.

By default, you can select the following actions:
- Write
- Editing Authorizations
When you have made the necessary configuration settings (see Prerequisites), you can select the following enhanced actions:
- Create subordinate elements
  
  (create objects or directories subordinate to directory)
- Edit subordinate elements
  
  (edit objects or directories subordinate to directory)
- Delete subordinate elements
  
  (delete objects or directories subordinate to directory)
- Edit directory
  
  (rename the current directory)
- Delete directory
  
  (delete the current directory)
The roles necessary to execute the action are displayed from the Standard User Management.
Choose Copy.

Inherit Authorizations

You have the following options:

Substructures inherit all authorizations
Inherit Authorizations Selectively

Here you define that selected authorizations are inherited by the current directory from superordinate directory.

Select the corresponding pushbutton to call the function that you require.