on 03-01-2012 10:19 PM
Hello!
To preface, I am recently out of college, and am relatively new to SAP/Security. I ask that any replies explain not only the what, but the why, so that I may gain a better understanding. Thanks!
Our security team is looking to put some restriction on importing corrections into production systems. Basicially, we've been using a custom version of SAP_CM_ADMINISTRATOR_COMP. We would like to continue using this base composite, but remove the abliity import the correction into production (and leave this authority to a select group of people). All of the other authorizations should remain.
What roles/objects could one look to restrict/remove to achieve this? Has anybody implemented a similar customization?
Thanks in advance!
Hi,
make it easy, CHARM is completely role based. as per this, I could say import of TR to production done either by IT Operator or Project Manager.
Hence instead of assigning the COMP role assing the appropriate role to the relevant person like below
SAP_SOCM_IT_OPERATOR Import corrections into the production system
SAP_SOCM_PRODUCTION_MANAGER Import corrections into the production system
SAP_CM_SMAN_PRODUCTIONMANAGER Accept imports into the production system
check here more http://help.sap.com/saphelp_sm32/helpdata/en/45/cb27429d16db2ce10000000a1550b0/content.htm
Let me know is that answer your query.
Thanks.
Jansi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Anybody else?
I've been looking at the ChaRM composite roles as listed in the security guide -
SAP_CM_ADMINISTRATOR_COMP
SAP_CM_CHANGE_MANAGER_COMP
SAP_CM_DEVELOPER_COMP
SAP_CM_OPERATOR_COMP
SAP_CM_PRODUCTIONMANAGER_COMP
SAP_CM_TESTER_COMP
SAP_SOCM_REQUESTER
Right now, most users have the SAP_CM_ADMINISTRATOR_COMP role (in a customized form). Obviously this is big risk. My thinking is that, for the short term, we'll want to continue having Basis with the same access. But other users on the project would use a combination of Developer/Tester/Requester. Thoughts?
Can anybody provide a bit more detailed description of the above composites (and what the difference is between the SMAN and SOCM technical roles within)? The security guide's one or two sentence descriptions aren't real helpful.
Thanks for the help!
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.