Solution Manager utilizes 3 RFC and a few Admin users to connect to managed system that. These RFC's and admin users allow Solution Manager to perform a number of different applications including Technical Monitoring, Root Cause Analysis, and,ChaRm, just to name a few. To ensure all of these Solution Manager applications function properly it is important that the users that are used by the RFC and the Admin users have the correct and up to data authorizations.This blog is designed to provide instruction on all the details required to keep them up to date and the exact roles required by the users.
The First step is to update Solution Tools ST-PI and ST-A/PI in all the ABAP managed systems. The latest patches will update the following security roles used by the Admin users listed below.
The second step is to update the Security roles used by the RFC's users. The RFC roles listed below are only updated in 2 ways. From updating the Component ST in Solution Manager or by manually uploading from either Note listed below, depending on the Support Pack of Solution Manager. To ensure you have the latest version of the roles, you will want to update manually from the 2 notes below.
1830640 - Authorizations for SAP Solution Manager RFC users as of SP09
1572183 - Authorizations for SAP Solution Manager RFC users Up to SP08
NOTE -- If a Super user is provided with the security access to create a user, create a role, Generate a profile and complete a user comparison on a role. All of the work below can be completed automatically by Solution Manager. Unless Production is set to not allow the direct creation of Roles. In that case the RFC roles must be uploaded and transported to Prod Manually.
Note -- If Solution Manager is used to upload the RFC Roles. Update the Roles from the notes listed above into Solution Manager. This will ensure the managed systems receive the latest roles and that Solution Manager functions properly.
When manually updating the security roles for the RFC users the following steps will be required.
READ RFC ABAP User (SYSTEM Account):
Assigned Roles:
TMW RFC ABAP User (SYSTEM Account):
Assigned Roles:
Create a user for each managed ABAP system within Solution Manager (SYSTEM Account):
Back RFC User:
Assigned Roles:
Create and Assign roles for the following required Admin users (Not Specified in the Note):
ADMIN ABAP User (SYSTEM Account):
Assigned Roles:
Diagnostic Agent ABAP User (SYSTEM Account):
Assigned Roles:
Within all JAVA stacks, the following note must but be followed. Please assign the newly created Full Access SPML role to the following Java Admin Users. The Admin users below are used by solution manager to collect data on a JAVA managed systems.
1647157 - How to Set up Access to the SPML Service on AS Java
Diagnostic JAVA User needed (SYSTEM Account) :
Required Roles for all systems:
Additional Roles for PI system
Additional Roles for Solution Manager
Finally, the SAPSUPPORT user must the following roles in all Systems:
All ABAP Systems:
All JAVA Systems:
Required Roles for all systems:
Additional Roles for PI system Only:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
11 | |
10 | |
7 | |
6 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 |