Insight Publisher – Authorization Guide
The SAP authorization concept protects transactions, programs, and services in SAP systems
from unauthorized access. To access business objects or execute SAP transactions, a user
requires corresponding authorizations, as business objects or transactions are protected by
Insight-SAP Products adeher SAP authorization with no exception!
Insight-SAP was designed to enable on-Production working thus, it was designed – bottom-up – with Authorization in mind. Note, that Insight-SAP fully adheres to the SAP authorization concept and uses it as its corner-stone. In no case, Insight-SAP will allow, authorization-wise, things that SAP standard does not.
Insight-SAP suite (Insight Creator and the additional modules IDoc Monitor+, and Changer, Insight Publisher and the additional module Excel-In) authorization was built on-top (and using) SAP authorization concept. Thus, whoever invokes a transaction using one of the suite’s products, must first have the Authorization needed to invoke that transaction.
Actually, using Insight-SAP tools, one may enforce additional authorization checks per objects (report/query/DB table). The checks could be done either at a Record level (just like it’s done by standard SAP code) and at a Column level.
The following SAP Authorization Roles are available:
- /DCM/PUBLISHER_ADMIN – For Insight Publisher Administrator.
- /DCM/PUBLISHER_GROUP_ADMIN – For Insight Publisher Group Administrator
- /DCM/PUBLISHER_USER – For Publisher User. This only reference role. Please fill in the relevant transaction code
The following SAP Authorization Objects are available:
- Transaction: /DCM/Publisher_adm
- Create the relevant Jobs groups in transaction /DCM/JOBGRP
- Maintain authorization object “/DCM/PBADM ” & “/DCM/PBDST” & ” /DCM/PBSNP” with relevant value. For Publisher manager maintain activity “*” for all/relevant jobs groups.
Authorization Object /DCM/PBADM now includes new capabilities as detailed below:
|Sub Object – /DCM/JOB||Activity|
|Job Group||01 Create
- Authorization Object /DCM/PBDST:
|Sub Object – /DCM/DEST||Sub Object – /DCM/DISTM||Activity|
|Domain Destination||D File Directory|
- Authorization Object /DCM/PBSNP:
|Sub Object – /DCM/SNGRP||Sub Object – /DCM/SNKEY||Activity|
|Snapshot Group|| |
- Authorization Object /DCM/TFILE :
|Object – /DCM|
|D’PROS Auth. Objects||Tabular File||16 (Execute) – Execution of file (Display file contents/ALV in /DCM/FILE_VIEW).
23 (Maintain) – Maintain Columns of file (when file is displayed in /DCM/FILE_VIEW).
70 (Administrator) – Assignment/maintenance of files in transaction /DCM/TFILE.