cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ChaRM Import Authorizations

Former Member

on ‎03-01-2012 10:19 PM

0 Kudos

Hello!

To preface, I am recently out of college, and am relatively new to SAP/Security. I ask that any replies explain not only the what, but the why, so that I may gain a better understanding. Thanks!

Our security team is looking to put some restriction on importing corrections into production systems. Basicially, we've been using a custom version of SAP_CM_ADMINISTRATOR_COMP. We would like to continue using this base composite, but remove the abliity import the correction into production (and leave this authority to a select group of people). All of the other authorizations should remain.

What roles/objects could one look to restrict/remove to achieve this? Has anybody implemented a similar customization?

Thanks in advance!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎03-02-2012 3:31 AM
0 Kudos

Hi,

make it easy, CHARM is completely role based. as per this, I could say import of TR to production done either by IT Operator or Project Manager.

Hence instead of assigning the COMP role assing the appropriate role to the relevant person like below

SAP_SOCM_IT_OPERATOR  Import corrections into the production system
 
SAP_SOCM_PRODUCTION_MANAGER  Import corrections into the production system

SAP_CM_SMAN_PRODUCTIONMANAGER  Accept imports into the production system

check here more http://help.sap.com/saphelp_sm32/helpdata/en/45/cb27429d16db2ce10000000a1550b0/content.htm

Let me know is that answer your query.

Thanks.

Jansi

Show replies
Show replies
Former Member
‎03-02-2012 1:50 PM
0 Kudos

Jansi

Thanks for the reply.

I recall seeing this list of roles in the SolMan Security Guide. My question is, how can I keep all other access associated with our current composite, while eliminating the abililty to import into prod? Is there a combination of roles that can do this?

Thanks

Former Member
‎03-06-2012 3:01 PM
0 Kudos

Anybody else?

I've been looking at the ChaRM composite roles as listed in the security guide -

SAP_CM_ADMINISTRATOR_COMP

SAP_CM_CHANGE_MANAGER_COMP

SAP_CM_DEVELOPER_COMP

SAP_CM_OPERATOR_COMP

SAP_CM_PRODUCTIONMANAGER_COMP

SAP_CM_TESTER_COMP

SAP_SOCM_REQUESTER

Right now, most users have the SAP_CM_ADMINISTRATOR_COMP role (in a customized form). Obviously this is big risk. My thinking is that, for the short term, we'll want to continue having Basis with the same access. But other users on the project would use a combination of Developer/Tester/Requester. Thoughts?

Can anybody provide a bit more detailed description of the above composites (and what the difference is between the SMAN and SOCM technical roles within)? The security guide's one or two sentence descriptions aren't real helpful.

Thanks for the help!

Ask a Question