SolMan Roles for Basis

Former Member · ‎07-13-2010

Hi,

What roles should a Basis person have in SolMan prod? We are implementing SM7 and have 2 Solman environments - dev and prod. The main use for this right now is the Maintenance Optimizer and no one outside of Basis and Security have access to these boxes. So far, the following roles have been used which we have renamed into our namespace:

SAP_MAINT_OPT_ADMIN

SAP_SM_BATCH

SAP_SM_SOLUTION_ALL

SAP_SMSY_ALL

SAP_SMSY_CTC_RT

SAP_SMSY_DIS

SAP_SMWORK_BASIC

SAP_SMWORK_BPM

SAP_SMWORK_CHANGE_MAN

SAP_SMWORK_LANDSCAPE_MAN

SAP_SMWORK_SETUP

SAP_SMWORK_SYS_ADMIN

SAP_SMWORK_SYS_MON

SAP_SOL_LEARNING_MAP_DIS

SAP_S_RFCACL

When we go live, what roles should they have? Should they be allowed to have SAP_ALL in prod?

Thanks,

Beth

Former Member · ‎07-13-2010

Hi you will have to group your roles based on what the teams need,

The best bet would be please login to service.sap.com

go to Installation and upgrade guides section

click on SAP COMPONENTS.

Choose SAP solution manager under that

pick your release, under--> operations tab you will find the security guide it has all the information about SAP solution manager security guide

Pay attention to page -25 and above

No never give SAP_ALL /SAP_NEW to any user in production system.

Edited by: Franklin Jayasim on Jul 13, 2010 11:51 PM

Edited by: Franklin Jayasim on Jul 14, 2010 12:17 AM

42 · ‎07-15-2010

Hi Beth,

just for using/administration the Maintenance Optimizer you don't need more than SAP_MAINT_OPT_ADMIN. Beside that role we only added one more role with the bundle of Basis transaction for system monitoring, user administration etc. - just what the Basis staff needs for their business. It wouldn't be a good idea to use SAP_ALL...:-(

Dirk