on 05-05-2015 8:10 AM
Hi Experts,
I've got one question regarding the authorizations needed to access the keystore in NWA.
In UME there is a role "Administrator" which contains this authorization, but this role also contains full nwa Access.
So what I want is to give access to the keystore only with the rights to create, view and Change entries.
I want to create an own rule with the necessary Actions, but I don't know which Actions are necessary.
What I want in Detail is:
- Access to nwa
- Access to configuration tab in nwa
- Access to security area under the configuration tab
- full Access to the area "certificates and keys"
Do you have any experience with that and could give me some hints?
Thanks in advance
Best regards!
Christopher Kühn
Hi Guys,
thanks for all your helpful answers.
I figured it out:
I've added the Java role "NWA_READONLY" to the user to give him General NWA read only authorization. Additionally I've created a new role with two Actions:
1) NWA_SUPERADMIN_CKP (Type: UME; Service/application: tc~lm~webadmin~permissions; Name: NWA_SUPERADMIN_CKP)
2) domains.all.all (Type: UME; Service/application: security; Name: domains.all.all)
Best regards!
Christopher
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris ,
Please close the thread if your query is answered
Thanks ,
Manu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Christopher,
This query has been answered in the past to some extent: https://scn.sap.com/thread/950023
Have a look at the above thread, check the responses of people speaking about Visual Admin.
Regards,
Siddhesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Siddhesh,
thanks for your reply, but the thread only says to give the users the role "Administrator" or "SAP_J2EE_ADMIN" in case of a double stack.
But this is not what I want. I want to give some users dedicated Access only to the keystore.
We have NW 7.4 SP8 (Double stack PI).
Thanks and best regards!
Christopher
Hi Chris ,
Please check whether the following link helps you
Standard Roles - SAP NetWeaver Application Server Java Security Guide - SAP Library
The role should be "KeystoreAdministrator" / "KeystoreViewCreator" If not present check for the locally defined roles
Also
Thanks ,
Manu
You are so right, my apologies, I missed this critical bit, anyways I found a document that tells you where to find the nodes that you should have found on visual admin.
Compare the nodes described in the thread I shared and see if you can find the corresponding nodes on NWA
Check the link below:
Regards,
Siddhesh
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.