focused insights for sap solution manager - help.sap.com · pdf fileexample words or...
TRANSCRIPT
Security Guide
Focused Insights for SAP Solution Manager
Document Version: 1.5 2018-02-15
PUBLIC
Focused Insights for SAP Solution Manager 7.2 ST-OST 200 SP 1
2
PUBLIC
2018 SAP SE or an SAP affiliate company. All rights reserved.
Focused Insights for SAP Solution Manager 7.2
Focused Insight Roles and Personas
Typographic Conventions
Type Style Description
Example Words or characters quoted from the screen. These include field names, screen titles,
pushbuttons labels, menu names, menu paths, and menu options.
Textual cross-references to other documents.
Example Emphasized words or expressions.
EXAMPLE Technical names of system objects. These include report names, program names,
transaction codes, table names, and key concepts of a programming language when they
are surrounded by body text, for example, SELECT and INCLUDE.
Example Output on the screen. This includes file and directory names and their paths, messages,
names of variables and parameters, source text, and names of installation, upgrade and
database tools.
Example Exact user entry. These are words or characters that you enter in the system exactly as
they appear in the documentation.
Variable user entry. Angle brackets indicate that you replace these words and characters
with appropriate entries to make entries in the system.
EXAMPLE Keys on the keyboard, for example, F2 or ENTER .
Focused Insights for SAP Solution Manager 7.2
Focused Insight Roles and Personas
PUBLIC
2018 SAP SE or an SAP affiliate company. All rights reserved. 3
Document History
Version Date Change
1.0 2016-11-28 First version created.
1.1 2017-01-19 Role SAP_BC_WS_DISPLAY has been replaced by the role
SAP_TECHMON_DISPLAY_COMP.
1.2 2017-03-23 New role added: SAP_BC_WEBSERVICE_SERVICE_USER
1.3 2017-07-31 Support package 1 (SPS 1)
1.4 2017-11-22 Update of Anonymous Access
Add a new section for Instance Dashboard Group Configuration
1.5 2018-02-15 Minor changes
4
PUBLIC
2018 SAP SE or an SAP affiliate company. All rights reserved.
Focused Insights for SAP Solution Manager 7.2
Focused Insight Roles and Personas
Contents
1 Focused Insight Roles and Personas .......................................................................................... 5 1.1 Personas ................................................................................................................................................. 5 1.2 Focused Insights Roles ......................................................................................................................... 5 1.3 Standard SAP Solution Manager Roles and Authorizations .............................................................. 7
2 Detailed Authorization Concept .................................................................................................. 8 2.1 Definition ................................................................................................................................................ 8 2.2 Focused Insights Authorization Objects per Dashboard ................................................................... 8 2.3 Focused Insights Authorization Objects ............................................................................................. 9 2.4 Role Configuration Example ................................................................................................................. 9
3 Adding a Specific Dashboard Key to a Role ............................................................................. 11
4 Configuring Anonymous Access ............................................................................................... 15 4.1 Step by Step Procedures ..................................................................................................................... 15
4.1.1 Create Communication User for SAPUI5 Librairies..........................................................16 4.1.2 Add logon data to the SAPUI5 libraries ..............................................................................16 4.1.3 Create Anonymous User .....................................................................................................16 4.1.4 Configure Roles and Authorisations...................................................................................16 4.1.5 Create an External Alias for OData services ...................................................................... 17 4.1.6 Create an External Alias for BSP applications ...................................................................18 4.1.7 Distribute URLs ....................................................................................................................19
4.2 Step by Step Example ......................................................................................................................... 20 4.2.1 Create Anonymous user ..................................................................................................... 20 4.2.2 Add logon data to the SAPUi5 libraries ............................................................................. 22 4.2.3 Configure Roles and Authorizations.................................................................................. 24 4.2.4 Create External Aliases for Classic Dashboards .............................................................. 29 4.2.5 Create External Aliases for Unified Dashboards .............................................................. 34
5 Configuring Instance Dashboard Groups ................................................................................ 40 5.1 Step by Step Procedure ...................................................................................................................... 40
5.1.1 Data Model ........................................................................................................................... 40 5.1.2 Create the Dashboard Groups DB Table ...........................................................................41 5.1.3 Create the Dashboard Instance Groups DB Table ............................................................41 5.1.4 Configure Roles and Authorizations...................................................................................41
5.2 Step by Step Example ......................................................................................................................... 42 5.2.1 Create the Dashboard Groups DB Table .......................................................................... 43 5.2.2 Create the Dashboard Instance Groups DB Table ........................................................... 45 5.2.3 Configure Roles and Authorization ................................................................................... 48
Focused Insights for SAP Solution Manager 7.2
Focused Insight Roles and Personas
PUBLIC
2018 SAP SE or an SAP affiliate company. All rights reserved. 5
1 Focused Insight Roles and Personas
Focused Insights for SAP Solution Manager is based on the overall architecture and infrastructure of SAP Solution
Manager 7.2 SPS 5. Therefore, all the security guidelines for SAP Solution Manager apply. To check the Secure
Configuration Security Guide of SAP Solution Manager, go to
https://help.sap.com/viewer/p/SAP_Solution_Manager and select version 7.2. SPS 5.
1.1 Personas
Focused Insights delivers dashboards that consume metrics and KPIs from SAP Solution Manager and can be
easily configured to display extensive information on all the systems connected to the SAP Solution Manager
System.
The following personas (main roles) are associated to the usage of these dashboards:
Dashboard Configurator (or Administrator)
Dashboard Configurators configure the dashboards. Based on the requirements of their organizations they
will configure the dashboard models with the various systems and metrics from their SAP Solution Manager
system. Configuring one dashboard model triggers the creation of an instance (configuration) of this
dashboard. This instance is identified by a unique configuration ID.
Dashboard User
Dashboard Users view the data in the dashboards instances. These users are not able to make changes to the
dashboard configuration.
1.2 Focused Insights Roles
Two roles are delivered with Focused Insights. These Focused Insights roles provide a generic access to all
dashboards; they can be copied and tailored to specific needs as described in this document.
SAP_OST_FI_DISPLAY_ALL
This is the role needed to view all the dashboard instances (regardless of the dashboard model). Here are the
authorization objects and values details:
https://help.sap.com/viewer/p/SAP_Solution_Manager
6
PUBLIC
2018 SAP SE or an SAP affiliate company. All rights reserved.
Focused Insights for SAP Solution Manager 7.2
Focused Insight Roles and Personas
SAP_OST_FI_DISPLAY_ALL (Display All Dashboards)
SAP_OST_FI_ADMIN_ALL
This role can configure all dashboard models and instances.
Here are the authorization objects and values details:
SAP_OST_FI_ADMIN_ALL (Administration All Dashboards)
Focused Insights for SAP Solution Manager 7.2
Focused Insight Roles and Personas
PUBLIC
2018 SAP SE or an SAP affiliate company. All rights reserved. 7
1.3 Standard SAP Solution Manager Roles and Authorizations
To