cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

keystore access in nwa

Go to solution
Former Member

on ‎05-05-2015 8:10 AM

0 Kudos

Hi Experts,

I've got one question regarding the authorizations needed to access the keystore in NWA.

In UME there is a role "Administrator" which contains this authorization, but this role also contains full nwa Access.

So what I want is to give access to the keystore only with the rights to create, view and Change entries.

I want to create an own rule with the necessary Actions, but I don't know which Actions are necessary.

What I want in Detail is:

- Access to nwa

- Access to configuration tab in nwa

- Access to security area under the configuration tab

- full Access to the area "certificates and keys"

Do you have any experience with that and could give me some hints?

Thanks in advance

Best regards!

Christopher Kühn

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-07-2015 9:26 AM
0 Kudos

Hi Guys,

thanks for all your helpful answers.

I figured it out:

I've added the Java role "NWA_READONLY" to the user to give him General NWA read only authorization. Additionally I've created a new role with two Actions:

1) NWA_SUPERADMIN_CKP (Type: UME; Service/application: tc~lm~webadmin~permissions; Name: NWA_SUPERADMIN_CKP)

2) domains.all.all (Type: UME; Service/application: security; Name: domains.all.all)

Best regards!

Christopher

Show replies
Show replies

Answers (3)

Answers (3)

manumohandas82
Active Contributor
‎05-07-2015 9:37 AM
0 Kudos

Hi Chris ,

Please close the thread if your query is answered

Thanks ,

Manu

Show replies
Show replies
Former Member
‎05-05-2015 12:58 PM
0 Kudos

Dear Christopher,


Please go to the user management--> Enter User Name-->Open Assigned Role tab -->Open Role" Administrator". Here You can Restrict the user.


Please find the attached screen shot and assign some points also if answer is helpful....

                                                                                                                                                                                                                                                                                                                                      

Show replies
Show replies
Former Member
‎05-06-2015 10:16 AM
0 Kudos

Hello Adarsh,

thanks for your reply but I don't want to give the user the Administrator role. I want to give the user only a dedicated authorization for the keystore.

Thanks and best regards!

Christopher

former_member185954
Active Contributor
‎05-05-2015 11:10 AM
0 Kudos

Hello Christopher,

This query has been answered in the past to some extent:  https://scn.sap.com/thread/950023

Have a look at the above thread, check the responses of people speaking about Visual Admin.

Regards,

Siddhesh

Show replies
Show replies
Former Member
‎05-06-2015 10:14 AM
0 Kudos

Hello Siddhesh,

thanks for your reply, but the thread only says to give the users the role "Administrator" or "SAP_J2EE_ADMIN" in case of a double stack.

But this is not what I want. I want to give some users dedicated Access only to the keystore.

We have NW 7.4 SP8 (Double stack PI).

Thanks and best regards!

Christopher

former_member185954
Active Contributor
‎05-06-2015 11:01 AM
0 Kudos

Hello Christopher,

As I mentioned, read the responses in the thread, they speak about using Visual Admin tool to locate the relevant roles in visual admin.

Regards,

Siddhesh

Former Member
‎05-06-2015 1:43 PM
0 Kudos

Hi Siddhesh,

the visual admin is not available in NW 7.4. The visual admin was replaced by the NetWeaver Administrator (NWA).

In NWA in the UME I cannot find any roles like "KeystoreAdministrator" or "KeystoreViewsCreator"

Best regards!

Christopher

manumohandas82
Active Contributor
‎05-06-2015 1:47 PM
0 Kudos

Hi Chris ,

Please check whether the following link helps you

Standard Roles - SAP NetWeaver Application Server Java Security Guide - SAP Library

The role should be "KeystoreAdministrator" / "KeystoreViewCreator"  If not present check for the locally defined roles


Also


Applying Security Constraints to a Security Role - AS Java User Management Using the Visual Administ...


Thanks ,

Manu

former_member185954
Active Contributor
‎05-06-2015 1:57 PM
0 Kudos

You are so right, my apologies, I missed this critical bit, anyways I found a document that tells you where to find the nodes that you should have found on visual admin.

Compare the nodes described in the thread I shared and see if you can find the corresponding nodes on NWA

Check the link below:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80212ef7-d9c9-2b10-02bf-a2d1c1ed0...

Regards,

Siddhesh

former_member185954
Active Contributor
‎05-07-2015 10:07 AM
0 Kudos

Hello Christopher,

Manu is right, I was looking for this link, its interesting to know these details, I will bookmark this thread.

Thanks Manu

Regards,

Siddhesh

Ask a Question