Table of Contents
Overview
The SAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects.
Insight Zap Products adhere to SAP authorization with no exception!
Insight Zap was designed to enable on-Production working thus, it was designed – bottom-up – with Authorization in mind. Note, that Insight Zap fully adheres to the SAP authorization concept and uses it as its corner-stone. In no case, Insight Zap will allow, authorization-wise, things that SAP standard does not.
Insight Zap suite (Insight Creator and the additional modules IDoc Monitor+, and Changer, Insight Publisher and the additional module Excel-In) authorization was built on-top (and using) SAP authorization concept. Thus, whoever invokes a transaction using one of the suite’s products, must first have the Authorization needed to invoke that transaction.
Actually, using Insight Zap tools, one may enforce additional authorization checks per object (report/query/DB table). The checks could be done either at a Record level (just like it’s done by standard SAP code) and at a Column level.
Authorization Roles
The following SAP Authorization Roles are available:
- /DCM/PUBLISHER_ADMIN – For Insight Publisher Administrator.
- /DCM/PUBLISHER_GROUP_ADMIN – For Insight Publisher Group Administrator
- /DCM/PUBLISHER_USER – For Publisher User. This is the only reference role. Please fill in the relevant transaction code
The following SAP Authorization Objects are available:
- Transaction: /DCM/Publisher_adm
- Create the relevant Jobs groups in transaction /DCM/JOBGRP
- Maintain authorization object “/DCM/PBADM ” & “/DCM/PBDST” & ” /DCM/PBSNP” with relevant value. For Publisher manager maintain activity “*” for all/relevant jobs groups.
Authorization Object /DCM/PBADM now includes new capabilities as detailed below:
| Sub Object – /DCM/JOB | Activity |
| Job Group | 01 Create
02 Change 03 Display 06 Delete 16 Execute 43 Release 60 Import 61 Export 70 Administer 81 Schedule 90 Copy PU Publish |
- Authorization Object /DCM/PBDST:
| Sub Object – /DCM/DEST | Sub Object – /DCM/DISTM | Activity |
| Domain Destination | D File Directory
F FTP M Email P SMS S Snapshot |
10 Post |
- Authorization Object /DCM/PBSNP:
| Sub Object – /DCM/SNGRP | Sub Object – /DCM/SNKEY | Activity |
| Snapshot Group | Snapshot Key | 01 Create
02 Change 03 Display 06 Delete 16 Execute 70 Administer |
- Authorization Object /DCM/TFILE :
| Object – /DCM | ||
| Dpro Auth. Objects | Tabular File | 16 (Execute) – Execution of file (Display file contents/ALV in /DCM/FILE_VIEW).
23 (Maintain) – Maintain Columns of file (when file is displayed in /DCM/FILE_VIEW). 70 (Administrator) – Assignment/maintenance of files in transaction /DCM/TFILE. |
