cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Content Management > authorization role or authorisation objects

Former Member

on ‎02-09-2009 10:26 AM

0 Kudos

Dear Security specialists,

We are implementing SAP CRM and are using content Management.

Referring to OSS notes 685521 and 606745 we defined a External Alias via SICF transaction code for the service /default_host/sap/bc/contentserver.

The external alias is called /SAP/BC/contentserver

I can create a service or communication user for this purpose but would like to find out what authorisations I should assign this user.

Scenario:

I log on with my own user in the CRM2007 system and search for a quotation containing several attachments (pfd or word). To open it the service /default_host/sap/bc/contentserver is normally called and the user in this service should have authorisation to open this particular attachment.

I tried to find back the authorisation objects using a TRACE (ST01) the following way:

I assigned a dummy user having sap_all to this External alias and next logged on with my own user in the CRM WEBUI. Before I set a trace on for the dummy user defined in the external alias.

When I search and open the quotation I would expect that something would be found in my trace for the dummy user , but nothing appears in the trace results. On SDN and SAPHelp I also could not find back any particular authorisatin role you normally would assign to such a user.

thanks for your input

Davy Pelssers

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎02-10-2009 2:09 AM
0 Kudos

Ok If I understand this correctly ...the logon Id had SAP_ALL and that heped you to complete this functionality....ST01 has not been much of help...so lets remove the SAP_ALL from this Id and then see what error does it give ...and let us know ....from it we will try to add the auth objects one by one. I assume S_RFC would be must with activity - 16, RFC type FUGR, lets keep RFC_NAME as * for a moment...and let us see

Also go through the SAP NOTE 460089.

Edited by: Nishant Sourabh on Feb 10, 2009 3:52 AM

Show replies
Show replies
g_srivastava
Active Contributor
‎02-09-2009 10:38 AM
0 Kudos

<more_irrelevant_information_removed_by_moderator>

Edited by: Julius Bussche on Feb 9, 2009 12:11 PM

Show replies
Show replies
Former Member
‎02-09-2009 10:29 AM
0 Kudos

Hi,

You can use the transaction SU24 to find out the audthorizations objects. But in your scenario I would create new role/profile with the transactions which you mentioned instead of SAP_ALL.

Hope this helps.

Manoj Chintawar

Show replies
Show replies
Former Member
‎02-09-2009 10:35 AM
0 Kudos

Thanks for 'trying' to give an answer, but If you would have read the complete question I am sure you would agree that SU24 is useless in my case.

I know SU24 well and it is usefull when evaluating Authorisation objects used in tcodes or external services.

However, in this case I am particularly trying to find out what authorisation objects and values are necessary for this Communication user in order to access documents stored on the Content Server.

There is not an existing transaction code for this purpose and therefore I tried using the TRACE, which did not render any results.

cheers

D

Ask a Question