Using a Support User to Grant “Read All, Change Nothing” Access Rights to SLD Systems
The System Landscape Directory (SLD) of the SAP NetWeaver is a central provider of information on software and systems and SLD data is critical to many processes, so you need to protect it. In some cases, however, it is necessary that a person can see all SLD data – including those used by the SLD administrator – but need not change them: Often, this is the case when it comes to issues requiring support, so for this use case, a specific support role is available, sparing you the risk that might be caused by assigning an administrator user.
Steps to Create a Support User
Creating a SUPPORT User | Allow display of all SLD data without change permission |
Open the user maintenance:
- Open the AS Java start page - Choose the User Management. | |
Create a new user:
- Choose Create User. | |
Enter the user’s data:
- Logon ID for example = SLD_SUPPORT
- Enter a password
Choose Assign Groups | |
Assign a Group to user SLD_SUPPORT:
- Filter for and choose Group = SAP_SLD_SUPPORT (this grants full read rights).
- Choose Add.
- Save your settings. | |
Result
The newly created user will be able to see all SLD data but not allowed to change them.
Additional Information
Additional Information on the SLD is available on the SDN under quick link nw-sld (System Landscape Directory (SLD))