SAP authorization is a way of protecting and securing data. The previous post dealt with authorization in connection with ALE, and this post continues that discussion.
Generating Authorization Profiles
Roles are maintained using the Profile Generator, transaction PFCG, which automatically generates the authorizations corresponding to the transactions previously chosen from a menu tree for the user role. Some manual maintenance of these authorizations is still needed, because certain values must be defined by the customer in each case: for example, the organizational structure allowed, activities, and so on.
When maintaining and generating profiles to be assigned to roles, the screen shows a yellow light next to the object if the authorization objects are not completely maintained (do not have values assigned). When all values are assigned, the light becomes green. Once all values are adjusted for the authorization objects in accordance with the user requirements (the authorization project), the profile can be generated just by clicking the Generate button.
Working without CUA
When the CUA is not activated, the assignment of users to roles must be performed manually in every component system to define how users can access those systems. This assignment can also be carried out using the role administration transaction PFCG. As mentioned, it is possible (and quite common) to assign multiple roles to a user. It is also possible and common to assign the same role to several users.
The assignment of users to roles does not automatically activate the authorizations for them. For this to happen, an operation known as a user comparison must be executed. With this program, the system compares the actual user master record with the record as it has been defined by the role assignment. This process can be launched either individually or en masse, either interactively or in a batch job.
Assigning Users to Composite Roles
When the CUA is not activated, the assignment of users to composite roles must be carried out in the WPS. As indicated in the previous section, the assignment of a simple role to a user must be carried out in each of the component systems. When using the CUA, it is only required to assign the user to the composite role in the WPS. In this case, the simple roles are automatically assigned to the users in each of the component systems. In both cases, with or without the CUA, updating the user master records must be performed using the user comparison utility in each component system.
Once the composite roles are assigned to users in the WPS, the users can log on to the Workplace. The users can choose from the transactions or services offered in the LaunchPad. All transactions will be executed on the corresponding component system.
Authorization for Connecting to the Workplace
All users who are going to connect to the Workplace are also required to have the authorization S_RFC with all values assigned (that is, the wildcard “*”). Moreover, to allow users to personalize their access to the Workplace, they must also have the SAP_WORKPLACE_USER role assigned. With this role, the users can customize their MiniApps and their GUIs.
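As an added example (not from the original post or from SAP), the following Python script audits which users meet the two Workplace prerequisites described above, counting a role only once the user comparison has been run for it. The CSV layout, the Z_* role names and the "compared" flag are assumptions made for the example; the S_RFC fields are evaluated per authorization, so wildcards spread over two separate authorizations do not count as a full wildcard.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. The column layout, the Z_* role names and the
# "compared" flag are assumptions for this example, not an SAP export format.
S_RFC_AUTHS = """role,auth,RFC_TYPE,RFC_NAME,ACTVT
Z_WP_BASIC,A1,*,*,*
Z_RFC_SPLIT,B1,*,SYST,16
Z_RFC_SPLIT,B2,FUGR,*,*
"""
USER_ROLES = """user,role,compared
ALICE,Z_WP_BASIC,X
ALICE,SAP_WORKPLACE_USER,X
BOB,Z_RFC_SPLIT,X
BOB,SAP_WORKPLACE_USER,X
CAROL,Z_WP_BASIC,
CAROL,SAP_WORKPLACE_USER,X
"""
S_RFC_FIELDS = ("RFC_TYPE", "RFC_NAME", "ACTVT")

def roles_with_full_s_rfc(auth_csv):
    """Roles with one S_RFC authorization whose fields are all '*'.
    Fields are evaluated per authorization, never merged across several."""
    return {r["role"] for r in csv.DictReader(io.StringIO(auth_csv))
            if all(r[f] == "*" for f in S_RFC_FIELDS)}

def workplace_readiness(auth_csv, user_csv):
    """Map each user to the Workplace prerequisites still missing."""
    full = roles_with_full_s_rfc(auth_csv)
    assigned, active = defaultdict(set), defaultdict(set)
    for r in csv.DictReader(io.StringIO(user_csv)):
        assigned[r["user"]].add(r["role"])
        if r["compared"] == "X":  # effective only after user comparison
            active[r["user"]].add(r["role"])
    report = {}
    for user in sorted(assigned):
        missing = []
        if not active[user] & full:
            pending = assigned[user] & full
            missing.append("S_RFC * (comparison pending)" if pending else "S_RFC *")
        if "SAP_WORKPLACE_USER" not in active[user]:
            missing.append("SAP_WORKPLACE_USER")
        report[user] = missing
    return report

if __name__ == "__main__":
    for user, missing in workplace_readiness(S_RFC_AUTHS, USER_ROLES).items():
        print(user, "ready" if not missing else "missing: " + ", ".join(missing))
```

The users reported with an empty list are also the inventory of accounts that effectively hold the full S_RFC wildcard, which is worth reviewing alongside the readiness result.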
Configuring the mySAP Workplace
Implementing a mySAP Workplace as an Enterprise Portal is an exciting project, which requires a great deal of preparation, analysis, design, and implementation. There are numerous technical details and tasks that must not be ignored and must be carried out in order to set up the basic functionality of the mySAP Workplace. These are the customizing settings required for defining such topics as general settings, Web server definitions, connections, classification of transactions, and so on.
Considerations Before Implementing the mySAP
Before beginning the mySAP Workplace configuration, you should check that the system (Workplace server) is correctly and completely installed. This mainly means having the mySAP Basis (simply an R/3 system) and the Workplace plug-in. If the SAPGUI for Windows or SAPGUI for Java is going to be used, the corresponding front-end software or Java plug-ins must be loaded.
Technical requirements are:
- As browser, Microsoft Internet Explorer 5.0 or higher is necessary. Check the SAP Service Marketplace for the availability of other browsers. If this release is not used, the Drag&Relate and drag-and-drop functionality will not be available.
- An ITS instance is required for the Workplace and all the R/3 component systems to which users will connect from the Workplace.
- The Workplace server can be a standalone system from which to execute the main functions. These include:
  - Role management
  - Configuration or development of MiniApps
  - Definition of RFC connections and logical systems
  - Generation of transaction URLs
- A Workplace Middleware server (an ITS server with specific services for the Workplace) is needed.
- A server for the Drag&Relate functionality is required.
Central Settings for the Workplace
The following list reflects the basic tasks that must be defined for the Workplace. These tasks are accomplished with some of the transactions described earlier, as well as by filling in some of the customizing tables.
- Registering logical system
- Creating RFC connections
- Registering an ITS server
- Creating individual roles (adding transactions, reports or Web addresses)
- Creating authorization for single roles
- Assigning a user role (without CUA)
- Transporting role to mySAP Workplace using a transport request
- Importing roles from component system by RFC
- Entering the destination system in a single role (including MiniApps)
- Creating composite roles
- Assigning a user role
Creating and Configuring MiniApps
MiniApps refer to any type of application, information, or service that can be visualized in a Web browser frame. The MiniApps are shown by a push mechanism in the home page of the Workplace user. Users will see the MiniApps that have been assigned to them according to their role.
These are the main features and characteristics of MiniApps:
- The set of MiniApps provided in the mySAP Workplace depends on the role of the user.
- MiniApps are self-contained Web documents that are provided by a URL, managed by the mySAP Workplace server. The resource itself can be anywhere on the Web.
- MiniApps proactively provide information to the users.
Examples of MiniApps are e-mail or calendar access, alerts, reports, and so on.
There are several ways to create MiniApps. Some of them are as follows:
- Because they are always called using a URL, the easiest way is to set a URL link to a Web service or document. In that case, there is no development at all.
- They can be developed using popular environments such as Visual Basic (Visual Studio), Visual Age, and so on.
- They can be created by linking a BW Web report using the ITS flow logic.
The way to integrate a MiniApp in the Workplace is by simply including the URLs in the user's role. This is done by selecting Goto/MiniApps from the Role Maintenance screen.
Integrating Non-SAP Systems
The integration of non-SAP systems depends on the type of application that needs to be integrated into the Workplace. Web applications based on HTML can be integrated very easily, but it is also possible to integrate applications using a browser plug-in, applications installed on the local client, or applications running on a Citrix Terminal Server. Web-based intranet or Internet applications can be integrated into the Workplace by adding their URLs to a role. Standard Windows applications can be installed on the local client, or the application can run on a Citrix Terminal Server and be displayed with a browser plug-in in the WorkArea of the Workplace. This also applies to the SAPGUI for Windows.
You must decide which way you want to integrate non-SAP applications into your Workplace. You can either include them by link in the LaunchPad of the user or execute them as MiniApps in the WorkArea. Applications integrated in the LaunchPad can run in the WorkArea of the Workplace or can start in a separate window. MiniApps must be called with a URL, so they must be either based on an HTML Web application or run as a Java applet or ActiveX control. Just adding links to non-SAP applications to the LaunchPad or embedding them as MiniApps does not fulfill the requirements of real integration, because third-party applications often require an additional login process. So you should consider enabling those applications for SSO.
If you are using SSO cookies, this integration is very limited, because SSO cookies only work with the ITS or the SAPGUI for Windows. For using SSO Tickets, SAP AG offers a library (sapsecu-lib) for checking SSO Tickets in third-party applications. This way, existing intranet applications can be integrated into the Workplace, and SSO will work. Client certificates (X.509) are suited for SSO solutions in heterogeneous environments with SAP and non-SAP systems. X.509 is a public standard and is supported by a wide variety of applications. Additionally, it is possible to verify the certificates using a central directory service such as LDAP (Lightweight Directory Access Protocol).
mySAP Workplace Release 3.0
With the introduction of release 3.0 of the mySAP Workplace, SAP aims to become a major player in the market for corporate portals. To achieve this strategic goal, SAP is leveraging the current Workplace offering with a new layer for MiniApps development and technologically advanced content management. The key piece of release 3.0 of the Workplace is the component known as the WCM (Web Content Management), which will probably be responsible for joining knowledge management-based technology with the role concept and making the inclusion, search, formatting, and storing of content a faster and more technically advanced process.