cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Work Mgr. authorizations

Go to solution
former_member220966
Participant

on ‎01-21-2015 10:05 PM

0 Kudos

Hi everyone,

We are implementing SAP Work Manager 6.2 on SMP 3.0 SP04. I have a question around SAP Work Manager authorizations - I have read the WM 6.2 installation guide found here https://websmp101.sap-ag.de/~form/handler?_APP=00200682500000002672&_EVENT=DISPLAY&_SCENARIO=0110003...

We will reference the below(very high level and simplified) diagram to better understand the question.

As I understand, the user logs into the WM client using the credentials for the SAP backend system and needs to have access in the backend system to be able to perform operations like work order processing etc.

The issue is that our client does not want all the individual users to get these authorizations to the backend SAP system as this will allow the users to do all kinds of activities in the SAP GUI(although the users will never log in to the SAP GUI and will only use the mobile app, but our client has raised this as a security risk and a show stopper).

I am new to SAP Work Manager and hence the question  - Is there any way to get around this? Can we, for example, have a generic(CPIC) user in SMP and assign all back end authorizations to this user?  When the request is initiated by the client, the Agentry component within SMP, knows which user it needs to fetch the data for and adds this "Actual user" as a parameter?

I guess my bottom line question is - can we somehow allow mobile users to perform all activities on the work manager mobile application, without giving them access to perform these and any additional activities in the SAP GUI? I would really appreciate any ideas/inputs that you might have.

Cheers,

Abhinav

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

i834235
Product and Topic Expert
Product and Topic Expert
‎01-22-2015 1:17 AM
0 Kudos

Abhinav

In the SAP backend system you can create roles and assign authorization objects  and assignit to the mobile users based on their business roles.  By doing so your only giving required  access to Mobile users to perform his/her work. E.G:- if you provide access to Mobile users to create / change work order doesn't mean that same user can logon to  SAP GUI and create  purchase order or sales orders.

Lets say if mobile user have access to create  Notification from mobile device but not in SAP backend then  that transaction will  fail  when  changes are submitted to the backend.

May be i'm not completely clear with requirements and what your  trying to address. But here are couple of  options:-

1) Look at security settings in /syclo/configpanel   system/product/syclo class handler security options to  see if that meets your  requirement.

2) Download SAP roles/authorization into complex table.  Based on roles  you can write  rules to enable / disable certain functionalities in Work Manager apps.

3)  if above 2 options doesn't meet your  requirement - May be create Z  table to maintain some dummy authorization for Mobile operations.  like create work order , change WO etc. assign to Mobile users .  Download  z table content to mobile application and based on rule you can enable / disable certain features on Work manager.

Thanks,

Manju - Technology RIG, SAP

Show replies
Show replies

Answers (2)

Answers (2)

former_member220966
Participant
‎01-23-2015 2:38 PM
0 Kudos

Manju/Chandra,

Thank you for providing these pointers, I am currently brain storming on some of these with the team. Where can I find more information on "assigning user menu and restricting navigation"?

Cheers,

Abhinav

Show replies
Show replies
mark_pe
Active Contributor
‎01-21-2015 11:55 PM
0 Kudos

I pinged my colleague to answer you.
He has better examples than I. I have full access under my profile.I can't remember what back-end I need to connect to that has the bare minimum profile and role - just to give an example.

Regards,

Mark Pe

SAP Senior Support Engineer

Show replies
Show replies
chandra_ayyagari
Advisor
Advisor
‎01-22-2015 1:23 AM
0 Kudos

By default there is no separate User Administration for Work Manager in other words it uses roles/authorizations configured in SAP. You assign roles with assumption that Users will use SAP GUI . Additionally you should also assign S_RFC to Users role. There is nothing preventing users from login to SAP if the user accounts were created as Dialog Users (alternatively you can create then as System/Service User).

There is an option to use USER_AUTH_GLOBAL for authentication to use a generic ID but then you will be able to track changes or Assign Work (push as well).

Have you considered assigning User Menu and restricting navigation?

Thx

Chandra

Ask a Question