Authorizations 
The SAP NetWeaver Development Infrastructure (NWDI) uses the authorization concept provided by SAP NetWeaver. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide Java also apply to the NWDI.
The SAP NetWeaver authorization concept is based on assigning authorizations to users according to roles. For role maintenance, use the profile generator (transaction PFCG) when using ABAP technology and the User Management Engine's user administration console when using Java.
The CBS and the CMS use UME roles as an authorization concept.
The DTR controls the access to the DTR resources using Access Control Lists (ACLs). The ACLs combine a set of privileges and control access to these resources. In this way you can define which user should be allowed or denied to perform a certain task. For more information, see Authorizations for the DTR Client.
Default Privileges in the DTR ACLs
DTR Folder |
Group |
Privileges |
root "/" |
NWDI.Administrators |
All privileges. |
NWDI.Developers |
Read, write and check in privileges. |
|
system-tools/administration |
NWDI.Administrators |
All privileges with ignore-inheritance. |
sysconfig |
NWDI.Administrators |
All privileges with ignore-inheritance. |
ws/system |
NWDI.Administrators |
All privileges with ignore-inheritance. |
You can operate the SLD and the Name Server either in a single system or in separate systems. Both components use J2EE roles as an authorization concept.
Standard Roles
For information about the standard roles that are used by the NWDI:
SLD, see Configuring SLD Security Roles.
CBS, see Roles in the Component Build Service.
CMS, see Roles in the Change Management Service.
Mappings of users and groups
These are the mappings of the groups, UME roles and the default users of the NWDI:
Mapping in the Development Infrastructure
Group Name |
UME Roles |
Mapped Users |
NWDI.Administrators |
SAP_DI_ADMINISTRATOR, SAP_SLD_ORGANIZER, NWA_SUPERADMIN |
NWDI_ADM, NWDI_CMSADM |
NWDI.Developers |
SAP_DI_DEVELOPER, SAP_SLD_DEVELOPER |
NWDI_DEV |
All of these groups are delivered with the NWDI. You need to create administrative and development users and map them to the listed roles after the installation. For more information, see Example Authorizations in the Development Infrastructure.