07-13-2010 10:30 PM
Hi,
What roles should a Basis person have in SolMan prod? We are implementing SM7 and have 2 SolMan environments - dev and prod. The main use for this right now is the Maintenance Optimizer, and no one outside of Basis and Security has access to these boxes. So far, the following roles have been used, which we have renamed into our namespace:
SAP_MAINT_OPT_ADMIN
SAP_SM_BATCH
SAP_SM_SOLUTION_ALL
SAP_SMSY_ALL
SAP_SMSY_CTC_RT
SAP_SMSY_DIS
SAP_SMWORK_BASIC
SAP_SMWORK_BPM
SAP_SMWORK_CHANGE_MAN
SAP_SMWORK_LANDSCAPE_MAN
SAP_SMWORK_SETUP
SAP_SMWORK_SYS_ADMIN
SAP_SMWORK_SYS_MON
SAP_SOL_LEARNING_MAP_DIS
SAP_S_RFCACL
When we go live, what roles should they have? Should they be allowed to have SAP_ALL in prod?
Thanks,
Beth
07-13-2010 10:50 PM
Hi, you will have to group your roles based on what the teams need.
The best bet would be to log in to service.sap.com.
Go to the Installation and Upgrade Guides section.
Click on SAP COMPONENTS.
Choose SAP Solution Manager under that.
Pick your release; under the Operations tab you will find the security guide, which has all the information about SAP Solution Manager security.
Pay attention to page 25 and above.
No, never give SAP_ALL / SAP_NEW to any user in a production system.
Edited by: Franklin Jayasim on Jul 13, 2010 11:51 PM
Edited by: Franklin Jayasim on Jul 14, 2010 12:17 AM
07-15-2010 8:53 AM
Hi Beth,
Just for using/administering the Maintenance Optimizer you don't need more than SAP_MAINT_OPT_ADMIN. Besides that role, we only added one more role with the bundle of Basis transactions for system monitoring, user administration etc. - just what the Basis staff needs for their business. It wouldn't be a good idea to use SAP_ALL...:-(
Dirk