Search for answers or browse our knowledge base.
Insight Publisher – Authorization Guide
Overview
The SAP authorization concept protects transactions, programs, and services in SAP systems
from unauthorized access. To access business objects or execute SAP transactions, a user
requires corresponding authorizations, as business objects or transactions are protected by
authorization objects.
Insight-SAP Products adeher SAP authorization with no exception!
Insight-SAP was designed to enable on-Production working thus, it was designed – bottom-up – with Authorization in mind. Note, that Insight-SAP fully adheres to the SAP authorization concept and uses it as its corner-stone. In no case, Insight-SAP will allow, authorization-wise, things that SAP standard does not.
Insight-SAP suite (Insight Creator and the additional modules IDoc Monitor+, and Changer, Insight Publisher and the additional module Excel-In) authorization was built on-top (and using) SAP authorization concept. Thus, whoever invokes a transaction using one of the suite’s products, must first have the Authorization needed to invoke that transaction.
Actually, using Insight-SAP tools, one may enforce additional authorization checks per objects (report/query/DB table). The checks could be done either at a Record level (just like it’s done by standard SAP code) and at a Column level.
Authorization Roles
The following SAP Authorization Roles are available:
- /DCM/PUBLISHER_ADMIN – For Insight Publisher Administrator.
- /DCM/PUBLISHER_GROUP_ADMIN – For Insight Publisher Group Administrator
- /DCM/PUBLISHER_USER – For Publisher User. This only reference role. Please fill in the relevant transaction code
The following SAP Authorization Objects are available:
- Transaction: /DCM/Publisher_adm
- Create the relevant Jobs groups in transaction /DCM/JOBGRP
- Maintain authorization object “/DCM/PBADM ” & “/DCM/PBDST” & ” /DCM/PBSNP” with relevant value. For Publisher manager maintain activity “*” for all/relevant jobs groups.
Authorization Object /DCM/PBADM now includes new capabilities as detailed below:
| Sub Object – /DCM/JOB | Activity |
|---|---|
| Job Group | 01 Create 02 Change 03 Display 06 Delete 16 Execute 43 Release 60 Import 61 Export 70 Administer 81 Schedule 90 Copy PU Publish |
- Authorization Object /DCM/PBDST:
| Sub Object – /DCM/DEST | Sub Object – /DCM/DISTM | Activity |
|---|---|---|
| Domain Destination | D File Directory F FTP M Email P SMS S Snapshot | 10 Post |
- Authorization Object /DCM/PBSNP:
| Sub Object – /DCM/SNGRP | Sub Object – /DCM/SNKEY | Activity |
|---|---|---|
| Snapshot Group | Snapshot Key | 01 Create 02 Change 03 Display 06 Delete 16 Execute 70 Administer |
- Authorization Object /DCM/TFILE :
| Object – /DCM | ||
|---|---|---|
| D’PROS Auth. Objects | Tabular File | 16 (Execute) – Execution of file (Display file contents/ALV in /DCM/FILE_VIEW). 23 (Maintain) – Maintain Columns of file (when file is displayed in /DCM/FILE_VIEW). 70 (Administrator) – Assignment/maintenance of files in transaction /DCM/TFILE. |