cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MII Security

Go to solution
Former Member

on ‎08-30-2012 1:08 PM

0 Kudos

We are implementing MII in our organization, now we are doubtful who should be handling the MII Security.  There is SAP security team who handles ECC SAP security and the MII administrator who would he handling all the MII related tasks. Now we are doubtful whom should be given a responsiblity of MII security, either to MII Administrator or to SAP Security team.   

We also found that is no standard SAP roles for performing MII Security duties.  There are XMII_Developer, XMII_User and XMII_Addministrators roles but not specific to security. So does htis mean we have to customize XMII_Administrator role to restict it for secuity purpose. Or this responsibility should lie with the MII Administrator itself.

Please let us know the standard process and process followed in other companies.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-30-2012 3:50 PM
0 Kudos

As Micheal and Jeremy stated the Netweaver admin will usually handle the User role assignments and new role creation.

But there is the second side of the coin where the MII administrator and/or developer need to actually use the roles defined.

The base roles will only lock down the MII framework (Admin screens, work bench access, etc. . . ).

If you want to start limiting transactions and pages to specific people the developer will need to incorporate this into the design.

So the Mii developer and/or administrator will need to work with your netweaver administator to manage the security of your mii system.

Show replies
Show replies
Former Member
‎09-02-2012 11:14 AM
0 Kudos

Thanks Jeremy and Jasper.

I was looking for the same reply that security is maintained at 2 level in MII. First one at UME level which control the screen view access as done in portal.  Second level at data access screen which is the internal assigment job for MII Admin/developer. 

So it means SAP Security can control the UME security as normally does, but it should be MII Admin/developer who does the role assigment to data access servers as they are internally aware about the requirement.

Please let me know if I understood correctly.

Former Member
‎09-02-2012 2:22 PM
0 Kudos

Yeah thats pretty much it except the mii developer is also in charge of what roles have access to what pages in Mii. The portal admin can't control or block access to specific pages in Mii. The portal admin can only block the standard mii pages like the administration page through the built in XMII_XX roles.

Answers (2)

Answers (2)

Former Member
‎09-02-2012 3:48 PM
0 Kudos

Do refer below for more..

http://help.sap.com/saphelp_mii122sp04/helpdata/en/4c/9865ca653760c5e10000000a15822d/content.htm

Show replies
Show replies
agentry_src
Active Contributor
‎08-30-2012 1:18 PM
0 Kudos

Hi Sameer,

These days, MII Security is usually administered by the NW security folks, since the NW UME is the controlling application rather than MII. 

Regards, Mike

Show replies
Show replies
Former Member
‎08-30-2012 2:04 PM
0 Kudos

Thanks Michael, our NW UME security is handled by the portal administrator as part of all portal activities, so I assume MII security should also be handled by Portal team as this will be SSO with the portal. 

jcgood25
Active Contributor
‎08-30-2012 2:48 PM
0 Kudos

Aside from the standard XMII_xxx roles you mentioned, it is quite likely you will need additional roles (perhaps already existing in UME) to handle aspects of the MII application(s) you intend to deploy.  There are various Actions within UME that regulate permissions to perform particular capabilities within MII, and the predelivered XMII_xxx roles provide a base level of capability for the associated roles (see the online help docs for more information about the actions and what they do).

Ask a Question