Granular Roles and Security in SAP NetWeaver Administrator
Users with Application Specific role have special authorizations for accessing the application and performing operations. Similar to the two security roles (NWA_READONLY and NWA_SUPERADMIN), the Application Specific role extends the purpose of granularity providing more restricted and special access to the applications.
Embedded Application Actions
There are two User Management Engine (UME) actions for every Embedded Application.
-
ReadOnly Action - To provide read-only access to the embedded application users
-
SuperAdmin Action - To provide full access to the embedded application users
These actions are attached to a role which is then assigned to a user.
LogViewer Application has two actions:
-
NWA_READONLY_LOGV
-
NWA_SUPERADMIN_LOGV
You can assign the Embedded Application actions to the Application Specific roles.
The action names of the SAP NetWeaver components are listed below:
For NWA_SUPERADMIN role, you assign the security permissions to enable the users with administrative access at the UI level. However, for some applications you need to provide additional permissions (for example, deploy permissions) to perform the administrative tasks. You assign these additional roles using the Embedded Application actions described above. The NWA_SUPERADMIN role does not have access to business-relevant data.
For more information on Java AS security, see SAP NetWeaver Application Server for Java Security Guide