Skip to end of metadata
Go to start of metadata

ConfigStore AUTH_COMB_CHECK_USER

Purpose:

This ConfigStore allows to deliver users having critical authorizations. The intention of this ConfigStore is to check special or very critical authorizations by the Configuration Validation. The ConfigStore must not be used for mass authorization checks because its runtime and memory consumption increases with the number of checks.

The ConfigStore is available since Solution Manager 7.10 Support Package 05 and replaces ConfigStore AUTH_CHECK_USER.

Customizing:

The 'Combination ID' represents one authorization check and is used as result key in the content structure of the ConfigStore (see second picture). The boolean result of the 'Combination ID' is the logical 'AND' combination of its 'Authorization IDs'. In the most cases it is not required to use more than one 'Authorization ID' as shown in the example below ('Authorization ID' is just always equal to 'Combination ID').

The boolean result of an 'Authorization ID' is the logical 'AND' combination of its 'Groups'. Each 'Group' is either an 'AND' or an 'OR' group. This is defined by the setting in the column 'AND/OR'. Within an 'AND Group' all equal 'Objects' are treated as one and combined together to the other 'Groups' of the 'Authorization ID'. In contrary to this, each record of an 'OR Group' is combined on its own to the other 'Groups' of the 'Authorization ID'.

In addition to specific field values there is the possibilities to use the following placeholders in the columns 'From' and 'To':
* = Any value
#* = The authorization value *
#** = The authorization value * or all available values

Content:

Remarks:

- Reference users are taken into account

- Users having the profile SAP_ALL are ignored

- Returncode of column "RC":
                NONE                   No matching user was found
                Others                 Different types of error messages

ConfigStore AUTH_COMB_CHECK_ROLE

Purpose:

This ConfigStore allows to deliver roles having critical authorizations. The intention of this ConfigStore is to check special or very critical authorizations by the Configuration Validation. The ConfigStore must not be used for mass authorization checks because its runtime and memory consumption increases with the number of checks.

The ConfigStore is available since Solution Manager 7.10 Support Package 05.

Customizing:

Please refer to the documenation of ConfigStore AUTH_COMB_CHECK_USER.

Content:

ConfigStore AUTH_PROFILE_USER

Purpose:

This ConfigStore delivers the users having assigned the customized authorization profile(s).

Remarks:

- Reference users are taken into account

ConfigStore AUTH_TRANSACTION_USER

Purpose:

This ConfigStore delivers the users having assigned the customized transaction.

A user is returned as a positive result if all the conditions below are fulfilled:

  • The user has the authorization for the transaction
    Object "S_TCODE"
    Field "TCD"

Remark:

- Users having the profile SAP_ALL are ignored

ConfigStore AUTH_USER_TYPES

The ConfigStore is available since Solution Manager 7.10 ST support package 12 and ST-A/PI release 01R in the managed system.

Purpose:

This ConfigStore allows to check for users of a specific user type. The customizing consists of three fields:

  • 'Check Id'
    A character field of length 30 used as identifier of a check in the customizing and the store content.
  • 'User Name'
    A dedicated user or a user pattern can be used here.
  • 'User type'
    The following values are allowed: 'DIALOG', 'SYSTEM', 'COMMUNICATION', 'REFERENCE', 'SERVICE' and '*' for all user types.

Example for the Store content:

Remark:

- The ConfigStore must not be used to upload mass data. The intention of this Store is to check dedicated users and or may be small user groups which can be selected using a user pattern.

ConfigStore AUTH_ROLE_USER

The ConfigStore is available since Solution Manager 7.10 ST support package 12 and ST-A/PI release 01R in the managed system.

Purpose:

This ConfigStore allows several types of check regarding a role to user combination:

  1. Upload all roles of a single user
  2. Upload all combinations of role to user based on a role pattern and/or user pattern
  3. Counting the number of users per role based on a role pattern and/or user pattern

The customizing consists of three fields:

  • 'Check Id'
    A character field of length 30 used as identifier of a check in the customizing and the store content.
  • 'Role pattern'
    A dedicated role or a role pattern can be used here.
  • 'User pattern'
    A dedicated user or a user pattern can be used here. For counting the number of users the command <COUNT *> as shown above can be used.
    Here it is also allowed to user a user pattern instead of count all users by '*'. Example: <COUNT C*> will count the number of users with the pattern C*.

Example for the Store content:

 

Remark:

- The ConfigStore must not be used to upload mass data. The intention of this Store is to check dedicated role user combinations or the roles of single users.

ConfigStore TDDAT_TABLES

The ConfigStore is available since Solution Manager 7.10 ST support package 12 and ST-A/PI release 01R in the managed system.

Purpose:

This ConfigStore is an extention of ConfigStore TDDAT. In contrary to Store TDDAT, the Store TDDAT_TABLES can be customized allowing to upload the table entries for individual tables. 

 

  • No labels