Curity Guide SAP Solution Manager 7.1 SP10
-
Upload
thirumalai-elumalai -
Category
Documents
-
view
1.426 -
download
1
Transcript of Curity Guide SAP Solution Manager 7.1 SP10
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
1/533
Security Guide for SAP Solution Manager 7.1
Target Audience
System administrators
Technology consultants
Application consultants
SAP Security Professionals
CUSTOMERDocument version: 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
2/533
Document History
CAUTION
Before you start the implementation and configuration of SAP Solution Manager, make sure you
have the latest version of this document. You can find the latest version at the following location:
http://service.sap.com/instguides SAP Components SAP Solution Manager .
The following table provides an overview of the most important document changes.SupportPackageStacks(Version) Date Description
SP10 General
Role enhancements for Infrastructure Roles: SAP_SYSTEM_REPOSITORY_*, and
SAP_SM_RFC_*, see section Authorization and Roles for Infrastructure.
Guide structure enhancement to the following individual sections:
Secure System Configuration (specifically relating to system configuration issues
in regard to security)
SAP Solution Manager Authorization Concept
User Interface (SAP NWBC 4.0not supported)
Landscape Setup Guide
Scenario-specific Guides
Overviews
User Authentication and Administration Tools:
new section about Solution Manager User Administration (SMUA) mass tool
enhanced section on Automatic User Creationin SOLMAN_SETUP(new fields User
Group, Namespace, Role Upload)
new section on password policy for SAP Solution Manager default users
Roles and Authorizations for Infrastructure and LMDBusage, see section on Roles
for Infrastructure and LMDB
New single roles SAP_SM_BP_*for Business Partner and Product assignment inLMDBand related queries.
New single role for LMDBDashboard SAP_SM_DASHBOARDS_DISP_LMDB
New authorization object check for LMDBRemote Access AI_LMDB_RE(included
in roles SAP_SYSTEM_REPOSITORY_*)
Adapted role SAP_SM_SOLUTION_ALL
Adapted role SAP_SOLMAN_DIRECTORY_*
Adapted role SAP_SM_RFC_ADMIN(added authorization object S_RFC_TT)
Adapted roles SAP_SYSTEM_REPOSITORY_* (primarily for authorization object
S_RFC)
Scenario-Specific Guides
Check out changes in the Document History for the following scenarios:
2/534 CUSTOMER 2013-10-31
http://service.sap.com/instguides -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
3/533
SupportPackageStacks(Version) Date Description
Custom-Code Life Cycle Management (CCA, CCML)
Business Process Operations
Business Process Change Analyser
Change Request Management
Incident Management
NOTE
Authorizations for ST-ICCare described in the according ST-ICC
Configuration Guide.
Solution Documentation Assistant
Test Management
Implementation (cProject ITPPMintegration)
Solution Manager Administration
Technical Monitoring
Technical Administration (IT Task Inbox and Guided Procedure)
Quality Gate Management
SAP Engagement and Service Delivery
Job Management
Important SAP Notes
1812046(Role Updates in case of CUA)
1830640(Roles for READ, TMW, and Back RFC Users)
1908051 (Roles for ST-PI (managed systems))
SAP TAO
Section on SAP TAO has been transferred to the SAP TAO Administrators Guide, see
on the Service Marketplace at: http://service.sap.com/saptao .
2013-10-31 CUSTOMER 3/534
http://service.sap.com/saptaohttp://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=1908051%20&_NLANG=en&_NVERS=0http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=1830640&_NLANG=en&_NVERS=0http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=1812046&_NLANG=en&_NVERS=0 -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
4/533
Table of Contents
Chapter 1 Security Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.1 Target Group of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.3 How to Use this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232.4 Links for Additional Components on the Service Marketplace . . . . . . . . . . . . 25
2.5 Using SAP Solution Manager as a Service Provider . . . . . . . . . . . . . . . . . . . . . . 28
Chapter 3 Terminology as Used in SAP Solution Manager . . . . . . . . . . . . . . . . . . . . . 31
Chapter 4 Quick Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Chapter 5 Overviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.1 Overview: Capabilities/Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2 Overview: Solution Manager Functions Integration . . . . . . . . . . . . . . . . . . . . 40
5.3 Overview: Solution Manager Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.4 Overview: Solution Manager Technical RFC - Users per Scenario . . . . . . . . . . 42
5.5 Overview: Third Party Products to Be Used with Solution
Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Chapter 6 System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
6.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Chapter 7 Network and Communication Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
7.1 Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
7.2 Communication Channels and Communication Destinations . . . . . . . . . . . . 47
7.3 Internet Communication Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
7.4 Secure Socket Layer (SSL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.5 HTTP Connect Service for SAP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.6 File Transfer Protocol (FTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.7 Use of Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
4/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
5/533
Chapter 8 User Administration and Authentication Tools . . . . . . . . . . . . . . . . . . . . 53
8.1 Basic SAP User Management Tools and User Types . . . . . . . . . . . . . . . . . . . . . 53
8.2 Automatic User Creation using Transaction SOLMAN_SETUP . . . . . . . . . . . . 578.3 Automatic Mass User Creation/Update using Solution Manager User
Administration (SMUA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
8.4 Passwords for Solution Manager Default Users . . . . . . . . . . . . . . . . . . . . . . . . 61
8.5 Secure Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
8.6 Integration into Single Sign-On Environments (SSO) . . . . . . . . . . . . . . . . . . . 62
Chapter 9 Authorization Concept for SAP Solution Manager . . . . . . . . . . . . . . . . . 63
9.1 User Definitions in SAP Solution Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
9.2 End - User Roles in SAP Solution Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
9.3 Configuration User Roles for SAP Solution Manager . . . . . . . . . . . . . . . . . . . . 72
9.4 Integration of Functions/Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
9.5 Authorizations and Roles for Infrastructure (LMDB, BP, Projects, Solutions,
Directory) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
9.6 Work Center Navigation Role Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
9.7 Using SAP Solution Manager with Customer Relationship Management
(CRM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
9.8 Using SAP Solution Manager with Business Warehouse (BW) . . . . . . . . . . . . . 879.8.1 General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
9.8.2 BI - Reporting Data Extraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
9.8.3 Configuration of BW and Activation of BW - Content (Step by
Step) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
9.8.4 Diagnostics Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
9.8.5 BI - Reporting Authorizations and Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
9.8.6 Using BI - Dashboards for BI - Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
9.9 Authorizations for User Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
9.10 Critical RFC Connections and Authorization Objects . . . . . . . . . . . . . . . . . . 101
9.10.1 Generated RFC - Connection
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
9.10.2 Authorization Objects S_RFCACL and S_RFC_TT for Trusted
RFCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
9.10.3 Generated RFC - Connections READ, TMW and BACK . . . . . . . . . . . . . . . . 104
9.10.4 Authorization Object S_RFC and S_DEV_REMO . . . . . . . . . . . . . . . . . . . . . 104
9.10.5 Authorization Object S_TABU_DIS and S_TABU_CLI . . . . . . . . . . . . . . . . . 106
2013-10-31 CUSTOMER 5/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
6/533
9.10.6 Authorization Object S_TABU_NAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
9.10.7 Authorization Object S_DEVELOP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
9.11 How to Build Your Own Authorization Concept . . . . . . . . . . . . . . . . . . . . . . 108
Chapter 10 Using Central User Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
10.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
10.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
10.3 Configuration Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
10.4 Configuration Integration in Transaction SOLMAN_SETUP . . . . . . . . . . . . . 117
Chapter 11 Additional Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Chapter 12 Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Chapter 13 Landscape Setup, Configuration, and Root Cause Analysis
Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
13.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
13.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
13.3 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
13.4 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 133
13.5 Required TCP/IP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13613.6 SAP Solution Manager Configuration Work Center / Transaction
SOLMAN_SETUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
13.7 Root Cause Analysis Work Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
13.8 Users Created During Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
13.8.1 Database User SAPDB [MANAGED.DB.USER] . . . . . . . . . . . . . . . . . . 141
13.8.2 OS Engine User [MANAGED.OS.SIDADM] . . . . . . . . . . . . . . . . . . . . . . . . . . 142
13.8.3 OS User Dedicated to the Diagnostics Agent ADMIN
[MANAGED.OS.AGTSIDADMIN] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
13.9 Users and Authorizations for SAP Solution Manager Configuration/
Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
13.9.1 Password Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
13.9.2 Configuration and Administration User SOLMAN_ADMIN
[SOLMAN.DUAL.ADMIN] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
13.9.3 Technical User SMD_AGT [SOLMAN.DUAL.AGTCOM] . . . . . . . . . . . . . . . . 147
13.9.4 Technical User SOLMAN_BTC [SOLMAN.DUAL.BTC] . . . . . . . . . . . . . . . . . 147
13.9.5 Technical User SM_EXTERN_WS [SOLMAN.DUAL.EXTERN] . . . . . . . . . . . 147
13.9.6 Technical User SM_INTERN_WS [SOLMAN.DUAL.EXTERN] . . . . . . . . . . . 148
6/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
7/533
13.9.7 Dialog User SAPSUPPORT [SOLMAN.DUAL.SAPSUPPORT]
[SOLMAN.BI.SUPPORT] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
13.9.8 Dialog User SAPSERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
13.9.9 Technical User SMD_RFC [SOLMAN_DOUBLE_SMDRFC] . . . . . . . . . . . . . 150
13.9.10 Technical User SEP_WEBSRV [SOLMAN.ABAP.WEBSRV] . . . . . . . . . . . . . . . 150
13.9.11 Technical User CONTENTSERV [SOLMAN.ABAP.CONTSERV] . . . . . . . . . . 150
13.9.12 Technical User for RFC - connection BACK
[MANAGING.ABAP.RFC] . . . . . . . . . . . . 150
13.9.13 User Wily Guest [SOLMAN.WILY.GUEST] . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
13.10 Users and Authorizations for Managed Systems . . . . . . . . . . . . . . . . . . . . . . . 151
13.10.1 NGAP - Based Managed Systems Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
13.10.2 Administrator User in ABAP: SM_ADMIN
[MANAGED.JAVA.ABAP.ADMIN] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
13.10.3 Administrator User in Java: SM_ADMIN_
[MANAGED.JAVA.ADMIN] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
13.10.4 Technical User SMDAGENT_ for Wily Host Agent
[MANAGED.ABAP.WILYAGT] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
13.10.5 Technical Users for RFC - Connections READ and TMW
[MANAGED.ABAP.RFC] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
13.10.6 SAPSUPPORT User [MANAGED.DUAL.SAPSUPPORT] . . . . . . . . . . . . . . . . . 155
13.10.7 Dialog User SAPSERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14913.10.8 Technical User SM_COLL_ . . . . . . . . . . . . . . . . . . . . . . . . . 157
13.10.9 J2EE Administrator J2EE_ADMIN [MANAGED.J2EE.ADMIN] . . . . . . . . . . . . 158
13.10.10 Administrator OS User [MANAGED.OS.ADMIN] . . . . . . . . . . . . . . . . . . . . . 158
13.10.11 Technical Users for CTC Configuration and Runtime Activation . . . . . . . . . 158
13.11 Users and Authorizations for BW Configuration . . . . . . . . . . . . . . . . . . . . . . 158
13.11.1 BW Administrator User SM_BW_ADMIN [SOLMAN.BI.ADMIN] . . . . . . . . . 159
13.11.2 Technical User SM_BW_ACT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
13.11.3 Technical User SM_ EFWK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
13.11.4 Technical User SMD_BI_RFC [SOLMAN.BI.RFC] . . . . . . . . . . . . . . . . . . . . . 160
13.11.5 Technical User SM_ BW_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
13.11.6 Dialog User SAPSUPPORT [SOLMAN.DUAL.SAPSUPPORT]
[SOLMAN.BI.SUPPORT] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
13.11.7 Dialog User SAPSERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
13.11.8 Technical User BI_CALLBACK [SOLMAN.BI.CALLBACK] . . . . . . . . . . . . . . . 163
13.11.9 Diagnostics Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
13.12 Users and Authorizations for SLD and LMDB . . . . . . . . . . . . . . . . . . . . . . . . . 163
13.12.1 Technical User SLD_CS_USER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
2013-10-31 CUSTOMER 7/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
8/533
13.12.2 Technical User SLDDSUSER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
13.12.3 Technical User for CTC Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
13.13 S-Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
13.13.1 S-User for SAP Backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
13.13.2 S-User for Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
13.14 Landscape Modelling and Infrastructure Roles . . . . . . . . . . . . . . . . . . . . . . . . 167
13.14.1 User Roles for System Landscape Infrastructure . . . . . . . . . . . . . . . . . . . . . . . 167
13.14.2 User Roles for Solutions, Projects, Solution Directory . . . . . . . . . . . . . . . . . . 169
13.14.3 User Roles f or System Landscape Verification . . . . . . . . . . . . . . . . . . . . . . . . . 172
13.15 User Role for TREX Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
13.16 Configuration User Roles for SAP Solution Manager . . . . . . . . . . . . . . . . . . . . 72
13.17 Business Partners Created During Configuration . . . . . . . . . . . . . . . . . . . . . . 174
13.18 Traces and Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Chapter 14 Scenario-Specific Guide: Solution Manager Administration . . . . . . . . . 177
14.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
14.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
14.3 User Descriptions and User Roles in SAP Solution Manager . . . . . . . . . . . . . . 178
Chapter 15 Scenario-Specific Guide: Technical Monitoring . . . . . . . . . . . . . . . . . . . 183
15.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18315.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
15.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
15.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
15.3.2 Scenario Configuration Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
15.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 190
15.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
15.4 Work Center Technical Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
15.5 User Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
15.6 User Roles for System, Database, Host Monitoring, and Self -
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
15.6.1 First Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
15.6.2 Second Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . 197
15.7 User Roles for Process Integration - Monitoring and Message Flow -
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
15.7.1 First Level User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
15.7.2 Second Level Roles in SAP Solution Manager . . . . . . . . . . . . . . . . . . . . . . . . . 199
15.8 User Roles for End-User Experience Monitoring . . . . . . . . . . . . . . . . . . . . . . 200
8/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
9/533
15.8.1 First Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
15.8.2 Second Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . 201
15.9 User Roles for Business Intelligence Monitoring . . . . . . . . . . . . . . . . . . . . . . 202
15.9.1 First Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
15.9.2 Second Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . 203
15.10 User Roles for Interface (Channel) Monitoring . . . . . . . . . . . . . . . . . . . . . . . 204
15.10.1 First Level User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
15.10.2 Second Level Roles in SAP Solution Manager . . . . . . . . . . . . . . . . . . . . . . . . . 205
15.11 End-User Roles for Job Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
15.11.1 First Level User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
15.11.2 Second Level User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
15.12 User Roles for Infrastructure Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
15.12.1 First Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
15.12.2 Second Level User Description and User Role . . . . . . . . . . . . . . . . . . . . . . . . 209
15.13 Integration Visibility in Managed Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
15.14 Role for Technical Monitoring Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
15.15 Role for Technical Monitoring Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
15.16 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
15.17 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
15.18 Background Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Chapter 16 Scenario-Specific Guide: Maintenance Optimizer . . . . . . . . . . . . . . . . . . 217
16.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
16.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
16.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
16.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
16.3.2 Scenario Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
16.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 219
16.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
16.3.5 SAP Support Portal Contact in SAP Solution Manager (Table:
AISUSER) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
16.3.6 S-User Authorization for Maintenance Optimizer . . . . . . . . . . . . . . . . . . . . . 222
16.4 CRM Standard Customizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
16.5 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
16.5.1 User Descriptions and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
16.5.2 User Roles in Managed Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
16.5.3 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
16.6 System Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
2013-10-31 CUSTOMER 9/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
10/533
Chapter 17 Scenario-Specific Guide: Implementation and Upgrade . . . . . . . . . . . . . 227
17.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
17.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22817.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
17.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
17.3.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
17.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 230
17.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
17.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
17.4.1 User Descriptions and User Roles in the SAP Solution Manager . . . . . . . . . . . 235
17.4.2 User Descriptions and User Roles in Managed Systems . . . . . . . . . . . . . . . . . 247
17.4.3 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
17.5 User Roles for Additional Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
17.5.1 User Roles for Roadmap Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
17.5.2 User Roles for Activation of Business Functions . . . . . . . . . . . . . . . . . . . . . . . 250
17.5.3 User Roles for Custom Development Management Cockpit
(CDMC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
17.5.4 User Roles for Upgrade Dependency Analyzer . . . . . . . . . . . . . . . . . . . . . . . . 252
17.5.5 User Roles for Customizing Comparison and Distribution . . . . . . . . . . . . . . 253
17.5.6 User Roles for BC-Set Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25317.5.7 User Roles for Help Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
17.5.8 Solution Maintenance via Work Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
17.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
17.7 External Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
17.7.1 Business Process Management Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
17.7.2 Enterprise Service Repository within Process Integration (PI) . . . . . . . . . . . . 259
17.7.3 SAP Productivity Pak by RWD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
17.7.4 Business Process Blueprinting Tool (BPB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
17.8 Traces and Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Chapter 18 Scenario-Specific Guide: Solution Documentation Assistant . . . . . . . . 263
18.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
18.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
18.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
18.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
18.3.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
18.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 266
10/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
11/533
18.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
18.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
18.4.1 User Descriptions and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
18.5 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
18.6 Background Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Chapter 19 Scenario-Specific Guide: Test Management . . . . . . . . . . . . . . . . . . . . . . . 277
19.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
19.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
19.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
19.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
19.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
19.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 280
19.3.4 Technical Users for RFCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
19.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
19.4.1 User Descriptions and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
19.4.2 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
19.5 User Roles for Additional Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
19.5.1 User Roles for Test Workbench Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
19.5.2 User Roles for Extended Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
19.5.3 User Roles for CBTA (Component-Based Test Automation) . . . . . . . . . . . . . 30219.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
19.7 External Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
19.7.1 Tool with BC ECATT- Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
19.7.2 Q uality Center by HP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
19.7.3 IBM Rational Test Management Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Chapter 20 Scenario-Specific Guide: Business Process Change Analyzer . . . . . . . . . 311
20.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
20.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
20.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
20.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
20.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
20.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 315
20.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
20.4 CRM Standard Customizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
20.5 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
20.5.1 User Descriptions and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
2013-10-31 CUSTOMER 11/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
12/533
20.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Chapter 21 Scenario-Specific Guide: IT Service Management . . . . . . . . . . . . . . . . . . 325
21.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32621.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
21.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
21.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
21.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
21.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 330
21.3.4 Technical Users for RFCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
21.3.5 SAP Support Portal Contact in SAP Solution Manager (Table:
AISUSER) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
21.3.6 S-User Authorization for Service Desk and Expert on Demand . . . . . . . . . . . 335
21.4 CRM Standard Customizing for Solution Manager . . . . . . . . . . . . . . . . . . . . 335
21.5 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
21.5.1 User Descriptions and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
21.5.2 Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
21.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
21.7 External Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
21.7.1 External Service Desk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
21.8 Traces and Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Chapter 22 Scenario-Specific Guide: Job Management . . . . . . . . . . . . . . . . . . . . . . . . 345
22.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
22.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
22.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
22.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
22.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
22.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 348
22.3.4 Technical User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
22.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
22.4.1 User Roles (Old) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
22.4.2 User Roles (New) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
22.5 Solution Maintenance via Work Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
22.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
22.7 External Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
22.7.1 SAP CPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
12/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
13/533
Chapter 23 Scenario-Specific Guide: SAP Engagement and Service
Delivery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
23.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36523.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
23.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
23.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
23.3.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
23.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 368
23.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
23.3.5 SAP Support Portal Contact in SAP Solution Manager (Table:
AISUSER) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
23.3.6 S-User Authorization for Service Desk and Expert on Demand . . . . . . . . . . . 335
23.3.7 S-User Authorization for Data Download from SAP . . . . . . . . . . . . . . . . . . . 375
23.3.8 Business Partners Created During Configuration . . . . . . . . . . . . . . . . . . . . . . 174
23.4 CRM Standard Customizing for Solution Manager . . . . . . . . . . . . . . . . . . . . 376
23.5 Recommended Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
23.5.1 User Descriptions and User Roles to Use the Work Center . . . . . . . . . . . . . . . 377
23.5.2 User Description and User Roles for Service Delivery (Premium
Engagement) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
23.5.3 Enterprise Service Reporting User - ES_REP_ . . . . . . . . . . . . . . . . . . . 38223.5.4 Supportability Performance Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
23.5.5 User Descriptions and User Integration Roles for Issue
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
23.5.6 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
23.6 Security Optimization Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
23.7 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Chapter 24 Scenario-Specific Guide: Technical Administration . . . . . . . . . . . . . . . . 387
24.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
24.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
24.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
24.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
24.3.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
24.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 390
24.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
24.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
24.4.1 User Descriptions and Roles for Technical Administration . . . . . . . . . . . . . . 392
2013-10-31 CUSTOMER 13/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
14/533
24.4.2 User Descriptions and Roles for IT Task Inbox and Guided
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
24.4.3 Service Availability Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
24.4.4 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
24.5 Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
24.6 Traces and Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Chapter 25 Scenario-Specific Guide: Business Process Operations . . . . . . . . . . . . . . 403
25.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
25.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
25.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
25.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
25.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
25.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 407
25.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
25.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
25.4.1 User Descriptions and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
25.5 User Roles for Additional Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
25.5.1 Dashboard User Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
25.5.2 Solution Maintenance via Work Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
25.5.3 End-User Roles for CDC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41725.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
Chapter 26 Scenario-Specific Guide: Change Request Management . . . . . . . . . . . . . 419
26.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
26.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
26.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
26.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
26.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
26.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 424
26.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
26.4 CRM Standard Customizing for Solution Manager . . . . . . . . . . . . . . . . . . . . 428
26.5 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
26.5.1 Users and Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
26.5.2 Best Practice: Manage Import Authorizations in Managed Systems . . . . . . . . 436
26.5.3 User Roles for Additional Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
26.5.3.1 User Roles for Retrofit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
26.5.3.2 User Roles for Communication Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
14/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
15/533
26.5.3.3 User Roles for CTS- PlugIn Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
26.5.4 Main Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
26.6 System Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
26.7 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Chapter 27 Scenario-Specific Guide: Quality Gate Management . . . . . . . . . . . . . . . . 445
27.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
27.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
27.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
27.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
27.3.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
27.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 448
27.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
27.4 CRM Standard Customizing for Solution Manager . . . . . . . . . . . . . . . . . . . . 450
27.5 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
27.5.1 User Descriptions and User Roles in the SAP Solution Manager . . . . . . . . . . . 451
27.5.2 User Descriptions and User Roles in the Managed Systems . . . . . . . . . . . . . . 454
27.5.3 CTS-Integration User Roles in the SAP Solution Manager . . . . . . . . . . . . . . . 454
27.5.4 Critical Authorization Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
27.6 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Chapter 28 Scenario-Specific Guide: Configuration Validation . . . . . . . . . . . . . . . . 457
28.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
28.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
28.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
28.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
28.4.1 User Descriptions and User Roles in the SAP Solution Manager . . . . . . . . . . . 459
28.5 System Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Chapter 29 Scenario-Specific Guide: Data Volume Management . . . . . . . . . . . . . . . 463
29.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
29.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
29.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
29.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
29.3.2 Scenario Configuration User and User Roles . . . . . . . . . . . . . . . . . . . . . . . . . 466
29.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 467
29.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
29.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
2013-10-31 CUSTOMER 15/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
16/533
29.4.1 User and Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
29.4.2 Critical Authorization Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
29.5 Scenario Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Chapter 30 Scenario-Specific Guide: Custom - Code Life Cycle
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
30.1 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
30.2 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
30.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
30.3.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
30.3.2 Scenario Configuration User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
30.3.3 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 478
30.3.4 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
30.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
30.4.1 User Descriptions and User Roles in the SAP Solution Manager . . . . . . . . . . . 479
30.4.2 Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
30.5 Background Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Chapter 31 Measurement Platform and Enterprise Support Reporting . . . . . . . . . . 483
31.1 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
31.2 Document History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48431.3 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
31.3.1 Scenario Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
31.3.2 Communication Channels and Destinations . . . . . . . . . . . . . . . . . . . . . . . . . 484
31.3.3 Technical Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
31.4 Users and Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
31.4.1 SAP_SUGEN User [SOLMAN.ABAP.SUGEN] . . . . . . . . . . . . . . . . . . . . . . . . . 487
Chapter 32 Service Provider Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
32.1 Technical System Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
32.2 Service Provider Customer RFC-Connections . . . . . . . . . . . . . . . . . . . . . . . . 489
32.3 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
32.4 Service ProviderSpecific Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
32.5 Incident Management User Descriptions and User Roles for
Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
32.6 Solution Documentation User Descriptions and User Roles . . . . . . . . . . . . . 493
32.7 Work Centers for Service Provider Customers . . . . . . . . . . . . . . . . . . . . . . . . 494
32.8 Granting Work Center Access to Service Provider Customers . . . . . . . . . . . . 495
16/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
17/533
Chapter 33 Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
33.1 HowTo Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
33.1.1 SDN Wiki for Authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49733.1.2 How to Create Users and Business Partners . . . . . . . . . . . . . . . . . . . . . . . . . . 497
33.1.3 How to Administer Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
33.1.4 How to Create a User Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
33.1.5 How to Maintain Authorizations in Authorization Objects . . . . . . . . . . . . . . 502
33.1.6 How to Generate a Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
33.1.7 How to Assign Roles to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
33.1.8 How to Create Scenario Configuration Roles . . . . . . . . . . . . . . . . . . . . . . . . . 509
33.1.9 How to Upgrade Authorizations after Release Upgrade or Support Package
Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
33.1.10 How to Use an ST01 Trace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
33.1.11 How to User Transaction SU24 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
33.1.12 How to Translate Your Own Customizing Entries . . . . . . . . . . . . . . . . . . . . . 516
33.2 Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
33.2.1 Links for Additional Components on Service Marketplace . . . . . . . . . . . . . . . 517
33.2.2 SAP Notes as Mentioned in the IMG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
33.3 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
33.3.1 Terminology: System Landscape and Related Terms . . . . . . . . . . . . . . . . . . . 52133.3.2 Terminology: Solution and Related Terms . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Chapter A Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
A.1 The Main SAP Documentation Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
2013-10-31 CUSTOMER 17/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
18/533
This page is left blank for documentsthat are printed on both sides.
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
19/533
1 Security Guide
CAUTION
Usage Rights for SAP Solution Manager Enterprise Edition
The extent of the usage of the software package SAP Solution Manager 7.1 depends upon the
type of maintenance contract you have signed. If you have a signed contract for:
SAP Enterprise Support
Product Support for Large Enterprises
SAP Premium Support
SAP MaxAttention
you are authorized to use all functions in the software package, without any restrictions.
If you have signed exclusively standard support contracts, you are allowed to install this software
package, but you are only allowed to use a restricted functionality. You are not allowed to use
the following Enterprise Edition functions:
Business Process Change Analyzer
Quality Gate Management
Custom Development Management Cockpit
This Security Guide is updated in the SAP Service Marketplace at: http://service.sap.com/
instguides SAP Components SAP Solution Manager ) with every Support Package.
For any issues with security, authorizations, roles, and user management for SAP Solution Manager
use SV-SMG-AUT.
Integration
Security topics are relevant for the following phases:
Installation and Upgrade
Configuration
Operation
RECOMMENDATION
Use this guide during all phases. For a detailed overview of which documentation is relevant for
each phase, see guides reference on the Service Marketplace at: http://service.sap.com/
instguides SAP Components SAP Solution Manager 7.1 .
1 Security Guide
2013-10-31 CUSTOMER 19/534
http://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguides -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
20/533
More Information
For a complete list of the available SAP Security Guides, see the SAP Service Marketplace: http://
service.sap.com/securityguides
1 Security Guide
20/534 CUSTOMER 2013-10-31
http://service.sap.com/securityguideshttp://service.sap.com/securityguides -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
21/533
2 Introduction
2.1 Target Group of This Guide
The purpose of SAP Solution Manager is to provide an administration, and implementation
environment, to allow for better managing your systems and business processes in a transparent way.
The target groups of this guide are readers who are familiar with SAP Solution Manager and
configuration procedures in an implementation and/or upgrade project, that is technical consultants,
system administrators and/or application consultants.
technology consultants: working with technical processes supported by SAP software during
implementation, when deciding which settings to make
system administrators: optimizing the SAP Solution Manager system during and after
implementation
application consultants: mapping a companys actual business processes to the processes and
functions supported by SAP software during implementation, and when deciding which settings
to make
SAP Security Professionals: securing the system landscape settings
2.2 Getting Started
This security guide provides you with an overview of the security-relevant information that applies to
SAP Solution Manager 7.1 as of SP01and higher. Since SAP Solution Manager covers several scenarios,
this document first provides general security recommendations for SAP Solution Manager in a so called
Core Guide followed by specific security guidelines for the individual capabilities.
In other words, this guide consists of a main guide, the core guide, containing general information on
how to execute on authorizations and roles within SAP Solution Manager, such as authorizations
concept and integration as well as user management functions. The Specific Scenario Guidesare
descriptions of the delivered scenarios in analogy to the work centers and configuration view structure
in transaction SOLMAN_SETUP.
The SAP Solution Manager IMGcomprises several nodes for configuration, see configuration guide for
SAP Solution Manager for more information. Scenario configuration is done during Capabilities
configuration. This graphic references the IMGas delivered with SAP Solution Manager 7.1 as of SP02.
The structure can change when delivered with further SPs, due to changes or additions in capabilities.
Therefore, this graphic only represents an example for IMGstructure.
2 Introduction
2.1 Target Group of This Guide
2013-10-31 CUSTOMER 21/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
22/533
Authorization assignments or specific user creation for scenarios are described in the according IMG
activities, which are referenced as well in the scenario - specific security guides.
The initial configuration, or Basic Configuration, references to the automated basic configuration using
transaction SOLMAN_SETUPor Solution Manager Configuration work center.
RECOMMENDATION
We recommend to always use this security guide in combination with transaction
SOLMAN_SETUPand the Implementation Reference Guide (IMG) for configuration.
Which topics are covered in the core guide
The following topics are covered in this core security guide:
Target Group: Who should use this guide
How to use this guide: How should different user groups use this guide effectively?
Links to additional components: Where can you find further information for functions, tools,
and third party product which are not covered in this guide?
Using Solution Manager as Service Provider: How to use this guide as a Service Provider?
Terminology: How are specific terms to be understood in this guide?
System Landscape
Security Dependencies: Which additional dependencies have to be taken into account?
Network and Communication Security: How should your network be built up?
User Management Tools: Which tools are used within SAP Solution Manager to create users?
Central User Administration: How to set up CUAin Solution Manager?
Secure Storage
Integration into Single Sign-On Environments
Authorization Integration Concept: How is the authorization concept for SAP Solution
Manager defined?
User Definitions: How do we define users?
User Roles: How do we define user roles?
Data Storage
What should you know in advance
If you have little or no knowledge concerning security and authorization concepts, start with
reading the general documentation for authorizations at SAP. This topic is not covered in this guide
and is regarded as a prerequisite. In addition, before using this guide you should familiarize yourself
with the respective Master Guide for SAP Solution Manager, and general user and authorization
information for SAP NetWeaver systems: Transaction SPRO SAP Customer Reference Guide SAP
NetWeaver Application Server System Administration User and Authorization.
2 Introduction
2.2 Getting Started
22/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
23/533
2.3 How to Use this Guide
Setting up an authorization concept for your own company for SAP Solution Manager is not simple.
It requires approaching the topic from a technical as well as content - oriented perspective.
Authorizations are strongly tied to configuration topics for certain scenarios, as well as security relevant
technical information. The knowledge for these sectors is seldom found within one department at the
customer's side, as technical and application components must be aligned for a successful concept.
Especially with SAP Solution Manager this is important, as the product is aimed at the support for the
life - cycle of systems (maintained by technical staff), but also the life - cycle of solutions (maintained
by application - oriented staff).
Therefore, as described in the former section, this guide is directed to differing groups with different
focus on SAP Solution Manager. These groups can be organizationally divided.
This guide addresses the resulting differing ways of approaching authorizations and their maintenancefrom a content oriented view (for instance application consultant), and a technically oriented view
(for instance system administrator).
RECOMMENDATION
To set up a stable authorization concept, both views are to be considered, and involved.
The following sections give you a short guidance to how to use this guide, depending on your main
tasks when setting up an authorization concept or authorization roles for SAP Solution Manager.
How to use the guide from a technically - oriented perspective
What do we mean by technical perspective? The technical perspective means, that you should know how
to apply an authorization concept in an SAP system effectively. You know how to handle transactions
PFCG,SU01, and roles and profile generation. This implies that you are familiar with the SAP role concept
and its specifics, such as for instance profiles SAP_ALLand SAP_NEW.
It also includes a basic technical background knowledge of the SAP Solution Manager system and its
landscape structure, such as Business Warehouse (BW) integration or the handling of the System
Landscape Directory (SLD) specifics. The maintenance of roles and authorizations depends on this
knowledge.
In addition, you should have a basic idea about the basic configuration of the SAP Solution Manager
system, and its managed systems.
From a Technical Perspective (Recommendation)
Step Section Remark
1 Core Guide This guide includes all relevant information to know about the SAP
Solution Manager authorization concept, overall topics such as
clients to be used, setup information, and so on.
2 Setup Landscape Guide If the system is initially installed or upgraded, most users and
authorizations need to be adapted. This guide contains all
2 Introduction
2.3 How to Use this Guide
2013-10-31 CUSTOMER 23/534
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
24/533
Step Section Remark
information on basic system landscape setup, users, and
authorizations needed to run SAP Solution Manager
3 Scenario-specific Guides Each scenario-specific guide contains roles for users, which can be
assigned to users. These roles are recommendations of SAP. For each
scenario, or function a so called ALLor ADMIN(administration) role is
delivered. This role contains full authorization for a specific scenario.
In addition, SAP delivers a so calledDISP(display) role, which contains
only display authorizations for the respective scenario. If your
company's business processes are different to the recommended SAP
process, these roles need to be adapted. Your application consultant
should define the applicable roles to be used. If the definition differs,
according authorization objects must be maintained.
4 Glossary in this guide,
Transaction SUIMin the
system, WIKIforAuthorizations
If you need to maintain authorization objects, you may check the
mentioned information sources on individual authorization objects,
and how they relate to functions.The glossarygives you an overview of all roles mentioned in this
guide with the main authorization objects included in these roles.
In transaction SUIM, you can search for individual authorization
objects and read their documentation.
The new WIKI page for authorizations in SAP Solution
Managercovers many of the relevant authorization objects for
Solution Manager with according use cases, such as how should the
authorization object be maintained to restrict certain functions. The
use cases are more or less taken from customer situations.
5 HowTosection This section covers how-to guides for technical as well as content -
oriented tasks.
How to use the guide from a content - oriented perspective
What do we mean by content - oriented perspective? The SAP Solution Manager is an SAP product that supports
your business. Roles and authorization objects are delivered to allow your end - users to work within
the limits of their tasks. In other words, they should only be allowed to execute and see what they need
in their daily work. These tasks depend on your specific business processes. As a logical consequence,
the authorizations and roles assigned to your users depend heavily on the business processes you deploy,
and are depending on the configuration of your system accordingly. The concept of your configuration
needs to be considered for the concept of your authorizations. Although we deliver template roles for
your use, they can hardly ever be applied without modification to your business. Therefore, before
tailoring authorizations or using SAP template roles, you need to consider your business processes, the
content of your business.
From a Content - Oriented Perspective (Recommendation)
Step Section Remark
1 Core Guide This guide includes all relevant information to know about the SAP
Solution Manager authorization concept, overall topics such as
clients to be used, setup information, and so on.
2 Introduction
2.3 How to Use this Guide
24/534 CUSTOMER 2013-10-31
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
25/533
Step Section Remark
2 Setup Landscape Guide If the system is initially installed or upgraded, most users and
authorizations need to be adapted. This guide contains all
information on basic system landscape setup, users, and
authorizations needed to run SAP Solution Manager. It gives you anoverview on which scenarios should be running out-of-the-box
after the setup is done.
3 Scenario-specific Guides Each scenario-specific guide contains roles for users, which can be
assigned to users. These roles are recommendations of SAP. If the
definition differs, according authorization objects must be
maintained. You need to discuss which authorizations must be
maintained in these cases with the person responsible for the technical
implementation of the authorization concept.
All roles are delivered according to a specific user definition. This user
definition gives you an overview of which tasks the user is authorized
if the SAP delivered template roles are used.4 HowTosection This section covers how-to guides for technical as well content -
oriented tasks.
How to use this guidewhen upgrading from Release 7.0 to 7.1
1. Read the SAP Solution Manager Upgrade Guide first, for information see section Additional Links.
2. Check out the Document Historyfor the specific scenarios you are using.
3. Check for updates in transaction SOLMAN_SETUP.
4. Activate the Release Noteinfo button in the IMGto display all information icons for new release
features for the configuration of the specific scenarios.
5. If required, read additional guides for additional functions and tools.
NOTE
If you are already acquainted with the authorization concept in SAP Solution Manager, we
strongly recommend to read the Document Historyfor changes in roles and authorization objects,
and in addition the Operations Guide for SAP Solution Manageron the Service Marketplace at: http://
service.sap.com/instguides SAP Components SAP Solution Manager. .
2.4 Links for Additional Components on the ServiceMarketplace
Your Solution Manager system is the platform for administrative tasks in implementing, operating
and upgrading systems in your system landscape. It relies heavily on mandatory and optional
components implemented in addition to SAP Solution Manager. This guide cannot describe all relevant
details for integrated components, like third party product or other SAP components. We refer
therefore to the applicable guides, Service Marketplace links, or IMG- activities as relevant information
sources.
2 Introduction
2.4 Links for Additional Components on the Service Marketplace
2013-10-31 CUSTOMER 25/534
http://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguides -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
26/533
The following table gives you an overview of these additional components, where to find more details,
and what they are used for in connection with SAP Solution Manager.
RECOMMENDATIONTo ensure a smooth integration of these components, familiarize yourself with their installation,
configuration, and operation if needed.
Additional Information on SAP Solution Manager
Component Where in the Service Marketplace? And Additional Sources
Master Guide for SAP
Solution Manager
http://service.sap.com/instguides SAP Components SAP Solution Manager
7.1
Upgrade Guide for SAP
Solution Manager
http://service.sap.com/instguides SAP Components SAP Solution Manager
7.1
Operations Guide for SAPSolution Manager
http://service.sap.com/instguides SAP Components SAP Solution Manager7.1
Installation Guide for SAP
Solution Manager
http://service.sap.com/instguides SAP Components SAP Solution Manager
7.1
Implementation
Reference Guide for SAP
Solution Manager
no link, see transactionsSOLMAN_SETUPandSPROin the SAP Solution Manager system
Solution Manager
Diagnostics
http://service.sap.com/diagnostics
IMGprojects and project
IMG
s
How to Create Customizing Projects and Project IMGson the Service Marketplace: http://
service.sap.com/solutionmanager
Media Library Technical Papers.
Additional Information on Infrastructure
Component Where in the Service Marketplace?
Guide Landscape
Management Database
http://service.sap.com/instguides SAP Components SAP Solution Manager
Release 7.1 Additional Guides
System Landscape
Directory (SLD)
http://service.sap.com/sld
or http://sdn.sap.com SAP NetWeaver Capabilities Lifecycle Management
Application Management System Landscape Directory
NOTE
Transaction SOLMAN_SETUPin the SAP Solution Manager system
Software Life-Cycle
Manager (SLM)
http://service.sap.com/slmand http://help.sap.com/nw70 Functional View
Solution Life Cycle Management Software Life Cycle Management
NOTE
Information and Configuration Prerequisites Change Control scenario
(technical name: SOLMAN_MOPZ_SLM_INFO)
Adobe Document Services
(ADS)
http://service.sap.com/adobe
NOTE
Information and Configuration Prerequisites ADS setup (technical name:
SOLMAN_ADS_INFO)
2 Introduction
2.4 Links for Additional Components on the Service Marketplace
26/534 CUSTOMER 2013-10-31
http://service.sap.com/adobehttp://help.sap.com/nw70http://service.sap.com/slmhttp://sdn.sap.com/http://service.sap.com/sldhttp://service.sap.com/instguideshttp://service.sap.com/solutionmanagerhttp://service.sap.com/solutionmanagerhttp://service.sap.com/diagnosticshttp://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguideshttp://service.sap.com/instguides -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
27/533
Component Where in the Service Marketplace?
One Transport Order service.sap.com/solutionmanager Media Library Technical Papers
TREX http://help.sap.com/nw2004s
NOTE
Information and Configuration Prerequisites TREX(technical name:
SOLMAN_TREX_INFO)
Master Data Management
(MDM) MDM
Administration Cockpit
http://service.sap.com/mdm and http://service.sap.com/installmdm
SAP NetWeaver
Administrator
http://service.sap.com/nwa
Adaptive Controlling
(ACC) for general information http://sdn.sap.com/irj/sdn/adaptive
for application help, such as starting and stopping an application service:
http://help.sap.com for installation information http://service.sap.com/instguides
Application help for
security topics connected
to ICF services
http://help.sap.com/nw07
System security for SAP
NetWeaver ABAPand Java
(Help setting up system
security for ABAPand Java)
http://service.sap.com/security Media Library Literature
Current list of ports used
by SAP
http://service.sap.com/security Infrastructure Security TCP/IP Ports Used by
SAP Applications .
Diagnostics http://service.sap.com diagnostics .
Authorization object
S_RFCACL
http://help.sap.com/nw70
Auditing and Logging http://help.sap.com Search Documentation , search for Auditing and Logging.
Web Dispatcher See according Help documentation for Web Dispatcher step in transaction
SOLMAN_SETUP
Additional Information on Business Warehouse Integration
Component Where in the Service Marketplace?
Business Warehouse (BW) http://service.sap.com/bi
NOTE
Information and Configuration Prerequisites BW(technical name:
SOLMAN_BI_CLIENT_INF)
Additional Information on Third Party
Component Where in the Service Marketplace?
SAP Quality Center by HP http://service.sap.com/solutionmanager SAP Quality Center by HP
2 Introduction
2.4 Links for Additional Components on the Service Marketplace
2013-10-31 CUSTOMER 27/534
http://service.sap.com/solutionmanagerhttp://service.sap.com/bihttp://help.sap.com/http://help.sap.com/nw70http://service.sap.com/http://service.sap.com/securityhttp://service.sap.com/securityhttp://help.sap.com/nw07http://service.sap.com/instguideshttp://help.sap.com/http://sdn.sap.com/irj/sdn/adaptivehttp://service.sap.com/nwahttp://service.sap.com/installmdmhttp://service.sap.com/mdmhttp://help.sap.com/nw2004shttp://service.sap.com/solutionmanager -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
28/533
Component Where in the Service Marketplace?
NOTE
Information and Configuration Prerequisites Third Party (technical name:
SOLMAN_THIRDPARTY_IN)
SAP Redwood Job
Scheduling
service.sap.com/job-scheduling
NOTE
Information and Configuration Prerequisites Third Party (technical name:
SOLMAN_THIRDPARTY_IN)
SAP TAO http://service.sap.com/saptao
Wily Introscope User
Administration
Introscope Installation for SAP Introscope Version 8.0 Installation Guide for SAP.
NOTE
See SAP Note 797147
Used in Root Cause Analysis and Technical Monitoring Work Center
Additional Information on User Management
Component Where in the Service Marketplace?
User Management Engine
(UME)
http://help.sap.com/saphelp_nw04
/helpdata/6a/d39b3e09cdf313e10000000a114084/frameset.htm
Central User
Administration (CUA)
http://help.sap.com/saphelp_nw73
/helpdata/en /23/cbce3b1bc7fa20e10000000a114084/frameset.htm
NOTE
You can find the complete CUAconfiguration guide on the Service Marketplace
at: http://help.sap.comSingle Sign-On http://service.sap.com/sso-smp.
Additional Information on other SAP Product
Component Where in the Service Marketplace?
PI Security Guide http://help.sap.com/saphelp_nw04 /helpdata/en/
58 /d22940cbf2195de10000000a1550b0/frameset.htm
Additional Information on Roles Management
Component Where in the Service Marketplace?
SAP NW Guide for PFCG general PFCG link
Details about OBN navigation inSAP NWBC https://wiki.wdf.sap.corp/wiki/display /NWBC/
Documentation .
on roles for SAP Change and Transport Analysis
Sessions
SAP Note 1074808
2.5 Using SAP Solution Manager as a Service Provider
As a Service Provider, you provide services to your customers using SAP Solution Manager. The Service
Provider scenario extends the SAP Solution Manager standard scenario setup for specific customer
contexts.
2 Introduction
2.5 Using SAP Solution Manager as a Service Provider
28/534 CUSTOMER 2013-10-31
http://help.sap.com/http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=SAP%20Note%201074808&_NLANG=en&_NVERS=0http://localhost/var/www/apps/conversion/tmp/scratch_10/NWBC/Documentationhttp://localhost/var/www/apps/conversion/tmp/scratch_10/NWBC/Documentationhttps://wiki.wdf.sap.corp/wiki/displayhttp://localhost/var/www/apps/conversion/tmp/scratch_10/d22940cbf2195de10000000a1550b0/frameset.htmhttp://localhost/var/www/apps/conversion/tmp/scratch_10/helpdata/en/58http://localhost/var/www/apps/conversion/tmp/scratch_10/helpdata/en/58http://help.sap.com/saphelp_nw04http://service.sap.com/sso-smphttp://help.sap.com/http://localhost/var/www/apps/conversion/tmp/scratch_10/23/cbce3b1bc7fa20e10000000a114084/frameset.htmhttp://localhost/var/www/apps/conversion/tmp/scratch_10/helpdata/enhttp://help.sap.com/saphelp_nw73http://localhost/var/www/apps/conversion/tmp/scratch_10/helpdata/6a/d39b3e09cdf313e10000000a114084/frameset.htmhttp://help.sap.com/saphelp_nw04http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=SAP%20Note%20797147&_NLANG=en&_NVERS=0http://service.sap.com/saptaohttp://service.sap.com/job-scheduling -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
29/533
Figure 1: Customer Contexts
If your SAP Solution Manager is used for one of the above contexts, you can use it as a Service Provider.
For this purpose you would also need to add some additional configuration and specific authorizations
for you, as the Service Provider, and your customers/subsidiaries.
See the section Service Provider and Service Provider Customer Specification.
For more information on Service Provider scenarios and definition, see the master guide for SAP
Solution Manager in the Service Marketplace: http://service.sap.com/instguides SAP
Components SAP Solution Manager .
2 Introduction
2.5 Using SAP Solution Manager as a Service Provider
2013-10-31 CUSTOMER 29/534
http://service.sap.com/instguides -
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
30/533
This page is left blank for documentsthat are printed on both sides.
-
7/14/2019 Curity Guide SAP Solution Manager 7.1 SP10
31/533
3 Terminology as Used in SAP SolutionManager
This section gives you an overview of the main terms used in this security guide. It refers only to
terminology specifically used in regard to SAP Solution Manager. It does not cover overall SAP
terminology. For more detail on SAP terminology, refer to the SAPterm.
General SAP Solution Manager Guide Terminology
Term Definition as Used in This GuideSynonyms as Could beUsed by Other Sources
Core Security Guide In the Core Security Guide you find all sections
referring to conceptual issues concerning the
security for SAP Solution Manager. In contrast to
the more specific scenario guides, it outlines
prerequisites for dealing with the landscape setup
or operation of SAP Solution Manager in this
regard.
Main Guide, Main
Security Guide
Scenario - Specific Guide In analogy to the configuration structure in
transaction SPRO, each capability is regarded as a
separate scenario. For each scenario, you find theaccording information forRFC connections,
users, configuration, and so on in the scenario -
specific guides. Due to the nature of SAP Solution
Manager as an end-to-end platform, you find as
well sections for scenario integrations, and the
integration with external products.
Scenario Guides
User Management
Term Definition as Used in This GuideSynonyms as Could beUsed by Other Sources
User A user is a person working in the system with auser ID.
human user, end - user
Technical User The technical user is the overall term for users
which are not dialog users in the system. They can
be service users, system users, or communication
users. The user types are explained in more d