Ansicht
Dokumentation
AI_LMDB_OB - Authorization Object for LMDB Objects
General Material Data Fill RESBD Structure from EBP Component StructureThis documentation is copyright by SAP AG.
Definition
The Landscape Management Database (LMDB) is the central information repository for your system landscape, based on the standard Common Information Model (CIM).
The authorization object AI_LMDB_OBdefines authorization for single LMDB objects like:
- hosts
- technical systems
- ...
All LMDB objects are grouped in LMDB main entity typesand LMDB subentity types.
Note that not all main entity types have subentity types.
For LMDB administration authorization checks, see Authorization to Administrate LMDB (AI_LMDB_AD)
Defined fields
The authorization object has the following fields:
- ACTVT: The activity field defines general access authorization of the user to the object.
- LMDB_DOMA: This field defines the LMDB domains to which the user should have access. Only the domain ldb(Landscape Management Database) is currently available.
- LMDB_NAMES: The LMDB namespace field defines the namespaces to which the user should have access. The possible namespace values depend on the namespaces available in the local LMDB and on the selected LMDB domains. A Solution Manager system usually has only one namespace, <'active'>.
- LMDB_MTYPE: The LMDB main entity type field defines to which main entity types the user should have access. Following main entity types are checked by this authorization object:
- HOST - Computer System
- SYST_GROUP - System Group
- TECSYST - Technical System
- ...
- LMDB_STYPE: The LMDB subentity type field defines to which sub entity types the user should have access. The possible subtype values depend on the selected main types.
- LMDB_OBJID: The LMDB object ID field defines to which LMDB objects the user should have access. Depending on the selected LMDB main entity type and the LMDB subentity type, the following parameters are used as LMDB_OBJID values:
- Technical System: LMDB_OBJID is the Extended System ID
(Maximum length is 8 characters; usually it is 3 or 8)
- Host (Computer System): LMDB_OBJID is the Host Name(without network domain information)
(Maximum length is 64 characters)
Attention: The ID Field only considers 40 characters. The name of the host can in principle be up to 64 characters, but you can only use the first 40 characters of a host name in the authorization checks.
- System Group: Name of the System Group/Technical Scenario
(Maximum length is 32 characters)
The authorizations of all fields are maintained in a UI. Use the field input help to maintain the authorizations.
Integration of the Checks in SAP Solution Manager
The authorization checks are integrated, for example into the following UIs:
- LMDB Technical System Editor (transaction LMDB)
- LMDB Host Editor
- Diagnostics Landscape Browser
- ...
The following activities are checked in the Solution Manager Applications:
Create (Activity 01) and Delete (Activity 06)
Related operations are the creation/deletion of objects, for example a technical system, in LMDB.
Change (Activity 02)
Related operations are changes of objects in LMDB - for example:
- Change the description of a technical system
- Maintain the technical instances of a technical system (this explicitly includes the creation and deletion of technical instances).
- Maintain the software definition of a technical system
- ...
The LMDB UIs (for example the Technical System Editor) allow the direct maintenance of the most important attributes of the relevant objects. The UI cannot show all attributes directly, since this would overload it, but in rare cases special attributes have to be maintained manually by a user. The maintenance can be performed in the generic detail screen popups of the LMDB UIs, so administration change authorization may be required, as well as the standard change. For more information, see Authorization to Administrate LMDB.
Display (Activity 03)
The related operation in the LMDB is to display the corresponding LMDB objects.
Traverse Associations in the Technical Details popups:
In the LMDB UIs you can show technical details
for a dedicated CIM instance: The generic details popups. In these popups, you can navigate between
CIM instances in the Associations tab. This is useful for error
analysis, because this navigation allows a user to display all data in the LMDB store, so navigation
is only allowed to users with authorization to display all LMDB objects (LMDB_MTYPE, LMDB_STYPE and LMDB_OBJID must contain a wild card ('*'). An alternative to the wild cards is authorization object
Authorization to Administrate LMDB.
Addresses (Business Address Services) BAL Application Log Documentation
This documentation is copyright by SAP AG.
Length: 6514 Date: 20240419 Time: 041750 sap01-206 ( 98 ms )