You can find detail information on the authorization concept with SAP Solution Manager 7.2 in the
Authorization Concept Security Guide.
This blog describes the most important roles and authorization objects for Process Management / Solution Documentation in SAP Solution Manager 7.2. The Solution Documentation authorization objects and roles used in SAP Solution Manager 7.1 were changed and replaced with new authorization roles and new authorization objects.
Most important authorization objects for Process Management/Solution Documentation in SolMan 7.2
The most important authorization objects (responsible for an access to solution documentation elements, objects and assignments) of the Process Management/Solution Documentation scenarios are:
- SM_SDOC(Solution Documentation) – authorizations for the solution documentation activities (creation of solution/branch/structure/content etc.)
- SM_SDOCADM (Solution Administration) – authorizations for the solution administration activities (creation of the solution landscape, logical component groups, documentation types etc.)
- SM_GAL_GO (Authorization Object for Graphical Component Global Objects)
All objects are contained in the authorization roles SAP_SM_SL_*.
Authorization objects related to Solution Manager documents:
- S_SMDDOC(Solution Manager Document Authorization) – this object restricts the activities that can be done on a document level.
- S_SMDATT(Solution Manager Document Attribute Authorization Object) – this object restricts the usage of attributes for documents.
Both objects are contained in the authorization roles SAP_SM_KW_*.
Most important single roles for Process Management/Solution Documentation in SolMan 7.2
The SAP_SM_SL_* roles contain all relevant authorizations for process documentation.
The most important single roles to work with the Process Management/Solution Documentation applications are:
- SAP_SM_SL_ADMIN (Process Management Administration) – This role provides full authorizations for Solution Administration (transaction SOLADM/SLAN).
- SAP_SM_SL_EDIT (Solution Documentation Edit) – This role allows to edit the solution process documentation (auth. object SM_SDOC) with BPMN (display) and display the solution administration information.
- AP_SM_SL_DISPLAY (Solution Documentation Display) – This role provides you only display authorizations for the Solution Landscape and process documentation in SAP Solution Manager 7.2.
- SAP_SM_KW_* – Those roles contain authorization objects relevant for Solution Manager documents:
- SAP_SM_FIORI_LP_EMBEDDED (Embedded Use of the Fiori Launchpad in SAP Solution Manager) – This role allows you to access the Process Management/Solution Documentation functionalities via the Fiori Launchpad tiles.
- SAP_SMWORK_IMPL – This role is relevant for work center UI navigation. It will make possible to see the tiles in the Fiori Launchpad based on the assigned authorization groups.
- SAP_SUPPDESK_CREATE – This role is used for the key users in the Service Desk scenario in the SAP Solution Manager system. You may need this role if you allow for creations of messages form the Solution Documentation application.
- SAP_SM_TREX_ADMIN – Configuration User Role for TREX ADMIN (SOLMAN_SETUP Transaction).
Composite roles for Process Management/Solution Documentation
SAP delivers the following composite roles for Process Management/Solution Documentation for the different end user functions:
- SAP_SOL_CONFIG_COMP for execution of Process Management in SOLMAN_SETUP (the configuration user)
- SAP_SOL_PM_COMP for Project Management functions
- SAP_SOL_AC_COMP for execution of Application Consultant functions: Application Consultants plan the functional requirements for a project with the Project Manager and then carry out the required configuration tasks in the system.
- SAP_SOL_TC_COMP for execution of Technical Consultant functions – Technical Consultants plan the technical requirements for a project with the Project Manager and the manager of the technical team and then carry out the required technical tasks in the system.
- SAP_SOL_BC_COMP for execution of Basis / Development Consultant functions – Development Consultants work with the project manager and the application consultant on the planning and organization of the authorization concept. They also perform developmental tasks and customer-specific developments.
- SAP_SOL_RO_COMP for a display user – This type of user can only display information.
- SAP_SOL_RE_COMP for read only user – This type of user can read documents (according to the document status).