How Can We Help?

Search for answers or browse our knowledge base.

Documentation | Demos | Support

< All Topics
Print

Insight Publisher – Authorization Guide

Overview

The SAP authorization concept protects transactions, programs, and services in SAP systems
from unauthorized access. To access business objects or execute SAP transactions, a user
requires corresponding authorizations, as business objects or transactions are protected by
authorization objects.

Insight-SAP Products adeher SAP authorization with no exception!

Insight-SAP was designed to enable on-Production working thus, it was designed – bottom-up – with Authorization in mind. Note, that Insight-SAP fully adheres to the SAP authorization concept and uses it as its corner-stone. In no case, Insight-SAP will allow, authorization-wise, things that SAP standard does not.

Insight-SAP suite (Insight Creator and the additional modules IDoc Monitor+, and Changer, Insight Publisher and the additional module Excel-In) authorization was built on-top (and using) SAP authorization concept. Thus, whoever invokes a transaction using one of the suite’s products, must first have the Authorization needed to invoke that transaction.

Actually, using Insight-SAP tools, one may enforce additional authorization checks per objects (report/query/DB table). The checks could be done either at a Record level (just like it’s done by standard SAP code) and at a Column level.

Authorization Roles

The following SAP Authorization Roles are available:

  • /DCM/PUBLISHER_ADMIN – For Insight Publisher Administrator.
  • /DCM/PUBLISHER_GROUP_ADMIN – For Insight Publisher Group Administrator
  • /DCM/PUBLISHER_USER – For Publisher User. This only reference role. Please fill in the relevant transaction code

The following SAP Authorization Objects are available:

  • Transaction: /DCM/Publisher_adm
    • Create the relevant Jobs groups in transaction /DCM/JOBGRP
    • Maintain authorization object “/DCM/PBADM ” & “/DCM/PBDST” & ” /DCM/PBSNP”  with relevant value. For Publisher manager maintain activity “*” for all/relevant jobs groups.

Authorization Object /DCM/PBADM now includes new capabilities as detailed below:

Sub Object – /DCM/JOBActivity
Job Group01 Create

02 Change

03 Display

06 Delete

16 Execute

43 Release

60 Import

61 Export

70 Administer

81 Schedule

90 Copy

PU Publish

 

  • Authorization Object /DCM/PBDST:
Sub Object – /DCM/DESTSub Object – /DCM/DISTMActivity
Domain DestinationD File Directory

F FTP

M Email

P SMS

S Snapshot
10 Post

 

  • Authorization Object /DCM/PBSNP:
Sub Object – /DCM/SNGRPSub Object – /DCM/SNKEYActivity
Snapshot Group

Snapshot Key
01 Create

02 Change

03 Display

06 Delete

16 Execute

70 Administer

 

  • Authorization Object /DCM/TFILE :
Object – /DCM  
D’PROS Auth. ObjectsTabular File16 (Execute) – Execution of file (Display file contents/ALV in /DCM/FILE_VIEW).

23 (Maintain) – Maintain Columns of file (when file is displayed in /DCM/FILE_VIEW).

70 (Administrator) – Assignment/maintenance of files in transaction /DCM/TFILE.