on 01-29-2016 8:26 AM
Hi,
I am trying to set up role-based authorization for ESR and ID objects, but for some reason authorization is not working as expected.
I want to restrict a few SWCVs only for the users having a specific role.
I created a new role and have followed the exact steps as mentioned in the documents below.
But I am still not getting it working. Although I have assigned a User role to the Test User and the User role is configured to have only a single component EDITable, the user is still able to edit the entire landscape.
1. I am assuming that authorization should be working based on User Role and that I do not necessarily have to add Edit Authorization for every single SWCV to get it working.
2. I tried setting the EDIT Authorization feature based on User Role and see it working, but then configuring objects in user roles doesn't make any sense if I have to do this for every single SWCV.
Can you please let me know if you have experienced this or have configured authorization based on User roles in your landscape for PI 7.1 EHP1?
Thanks in advance.
Thanks and Regards,
Amit
Hello Amit
Make sure the property com.sap.aii.util.server.auth.activation in the Exchange Profile is set to true.
Yes, I did. In NWA --> Identity Management, I have assigned the custom role to this user.
I have also made sure that this user does not have ADMIN role.
Although SAP_XI_DEVELOPER_J2EE is assigned for this user to be able to edit the objects in ESR.
I would like to know if any specific role is to be checked or removed for this user.
Thanks,
Amit
Yes, just to confirm my understanding, as it is working fine for you.
Edit Authorization and User roles should work independently, right?
What I mean is, I should expect that User roles work irrespective of the EDIT Authorization setting at namespace and folder level, where we can also restrict authorization based on the user role created, but this is additional. Ideally, the User role alone should work, is my understanding.
Is it correct?
Thanks,
Firstly, many thanks for your replies to all my queries
Yes, I agree, what I meant by Edit authorization was
Defining Authorizations - Managing Services in the Enterprise Services Repository - SAP Library
Thanks for the confirmation that it's not relevant. I have done it the same way as you mentioned.
Create role -> Add SWCV for restriction/inclusion and added role to user in NWA.
But I am not able to get this working. The user with the assigned role is still able to edit all.
So I just wanted to confirm that I do not have to set this EDIT authorization feature along with the User role.
Thank
Closing the Thread as Issue is now resolved.
Resolution: acl property doesn't work individually but in combination with IB and IR properties.
Aii properties to be refreshed after modifying individual properties.
No ABAP roles to be assigned to the user. Only Java roles to be assigned from NWA->Identity manager.
Customized role and java developer role needed.
Thanks and Regards,
Amit Bhagwat