Authorization Object S_ICF_ADM
This object includes authorization checks for accessing individual virtual hosts, services, and aliases in the Internet Communication Framework.
You can use this authorization object to restrict administration access to various elements of the Internet Communication Framework. You can apply these restrictions to virtual hosts, services (service nodes), and aliases.
Authorization Object S_ICF_ADM
|
Field |
Meaning |
Values |
|---|---|---|
|
ACTVT |
Activity |
01: Create 02: Change 03: Display 06: Delete 07: Activation |
|
ICF_HOST |
Virtual host |
<Name of the virtual host> |
|
ICF_NODE |
GUID (BC-ABA) of an ICF service or alias |
<GUID of the service or the parent node> |
|
ICF_TYPE |
ICF element |
Alias (external alias) Host (virtual host) Node (service, internal alias) |
Since virtual hosts, services, internal aliases, and external aliases are organized in a hierarchical structure, you can specify the authorizations for creating and editing individual elements at different levels. You can grant an authorization for a specific element or for a higher-level node. Using this procedure, you can grant users the authorization to maintain all elements below this node.
You specify either the element's NODGUID or the element's PARGUID as the value of the particular element. The NODGUID is the GUID (BC-ABA) of the node itself; the PARGUID is the GUID of the direct parent node or a higher node.
Since the NODGUID is not generated until an element is created, it makes sense to grant the authorization for this activity to the next highest node (and therefore all underlying elements).
Virtual Host (ICF_HOST)
Here you specify the name of the virtual host that you want to create or under which you want to create a service or alias.
Service, Internal Alias, or External Alias (ICF_NODE)
Here you specify either the NODGUID of the specific service or the PARGUID (the NODGUID of the parent node).
If you use the role maintenance transaction (transaction PFCG) to create authorization data, you can find the value for this field by using Change to select the required service or service node from the service hierarchy. The appropriate GUID is then copied to the value field automatically.
The NODGUID is not recognised during creation since it was only generated during creation. Therefore you require the NODGUID of the parent. You can also specify the NODGUID of higher level parent nodes.
ICF Element Type (ICF_TYPE)
Here you can select the ICF elements (virtual host, service/internal alias, external alias) you want the authorization to apply to.
You want to grant a user the authorization to create, change, and delete services on the host myhost and under the path /sap/bc. To do this, you need to specify the following:
|
PARGUID |
NODGUID |
|
|---|---|---|
|
myhost |
00815 |
00816 |
|
sap |
00816 |
00817 |
|
bc |
00817 |
00818 |
|
service_new |
00818 |
00819 This service needs to be created; the NODGUID is unknown until this service exists. |
-
The user wants to create a new host ( myhost). The user also wants to be able to change and delete this host.
ACTVT
ICF_HOST
ICF_TYPE
01, 02, 03
myhost
Host
-
The user wants to create a new service ( service_new) (the NODGUID of the new service is not yet known):
NoteWhen you make this setting, you enable multiple services or entire subtrees to be created under the path /sap/bc.
ACTVT
ICF_HOST
ICF_NODE
ICF_TYPE
01
myhost
00818
Node
-
The new service ( service_new) has been created. The user must only be allowed to change or delete this service.
ACTVT
ICF_HOST
ICF_NODE
ICF_TYPE
02, 06
myhost
00819
Node
-
If you want to allow the user to change and delete any services under /sap/bc, enter the NODGUID of bc (here, 00818) instead of 00819. '00818'):
NoteIf you want the authorization to apply to all elements below the path /sap, enter 00817 for the service.
ACTVT
ICF_HOST
ICF_NODE
ICF_TYPE
02, 06
myhost
00818
Node