Show TOC

Background documentationSecurity in SAP NetWeaver Locate this document in the navigation structure

 

The scheduler integrates with UME to determine which users have at least one of the following two actions:

  • redwood.com/Scheduler.AccessScheduler - access only.

  • redwood.com/Scheduler.ManageScheduler - manage the scheduler.

Roles with these actions are managed in UME. The following two sections illustrate how to assign roles and isolation groups to users:

As soon as users with one of the above actions log on for the first time, objects are automatically created. Any role that has any of the above actions, will be created in SAP CPS as soon as a user with that role logs on. The isolation administrator can also add users from UME. Authorizations are synchronized at login-time, so changes will be effective upon the next login.

Coarse-grained permission assignment is managed in UME, by creating a role matching the following role names and assigning it the redwood.com/Scheduler.AccessScheduler action.

  • scheduler-administrator - can perform all actions.

  • scheduler-event-operator - can raise and clear events.

  • scheduler-job-administrator - can create/edit/delete event definitions, job definitions, job chains. Can modify jobs.

  • scheduler-user - has access to SAP CPS only, cannot see any objects.

  • scheduler-viewer - read only access to all objects.

  • scheduler-isolation-administrator - can create/edit/delete isolation groups and add users to these.

  • scheduler-screen-reader - indicates that you are using a screen reader.

Fine-grained permission assignment can be done inside SAP CPS by assigning permissions to users or custom roles created in UME. It is not possible to change the above roles from within SAP CPS.