Kontakt

Ansicht
Dokumentation

AI_LMDB_OB - Authorization Object for LMDB Objects


consolut Authorization for SAP
Easy Authorization Management for SAP

AI_LMDB_OB - Authorization Object for LMDB Objects

General Material Data   Fill RESBD Structure from EBP Component Structure  
This documentation is copyright by SAP AG.
SAP E-Book

Definition

The Landscape Management Database (LMDB) is the central information repository for your system landscape, based on the standard Common Information Model (CIM).

The authorization object AI_LMDB_OBdefines authorization for single LMDB objects like:

  • hosts
  • technical systems
  • ...

All LMDB objects are grouped in LMDB main entity typesand LMDB subentity types.
Note that not all main entity types have subentity types.

For LMDB administration authorization checks, see Authorization to Administrate LMDB (AI_LMDB_AD)

Defined fields

The authorization object has the following fields:

  • ACTVT: The activity field defines general access authorization of the user to the object.
  • LMDB_DOMA: This field defines the LMDB domains to which the user should have access. Only the domain ldb(Landscape Management Database) is currently available.
  • LMDB_NAMES: The LMDB namespace field defines the namespaces to which the user should have access. The possible namespace values depend on the namespaces available in the local LMDB and on the selected LMDB domains. A Solution Manager system usually has only one namespace, <'active'>.
  • LMDB_MTYPE: The LMDB main entity type field defines to which main entity types the user should have access. Following main entity types are checked by this authorization object:
  • HOST - Computer System

  • SYST_GROUP - System Group

  • TECSYST - Technical System

  • ...

  • LMDB_STYPE: The LMDB subentity type field defines to which sub entity types the user should have access. The possible subtype values depend on the selected main types.
  • LMDB_OBJID: The LMDB object ID field defines to which LMDB objects the user should have access. Depending on the selected LMDB main entity type and the LMDB subentity type, the following parameters are used as LMDB_OBJID values:
  • Technical System: LMDB_OBJID is the Extended System ID
    (Maximum length is 8 characters; usually it is 3 or 8)

  • Host (Computer System): LMDB_OBJID is the Host Name(without network domain information)
    (Maximum length is 64 characters)
    Attention: The ID Field only considers 40 characters. The name of the host can in principle be up to 64 characters, but you can only use the first 40 characters of a host name in the authorization checks.

  • System Group: Name of the System Group/Technical Scenario
    (Maximum length is 32 characters)

The authorizations of all fields are maintained in a UI. Use the field input help to maintain the authorizations.

Integration of the Checks in SAP Solution Manager

The authorization checks are integrated, for example into the following UIs:

  • LMDB Technical System Editor (transaction LMDB)
  • LMDB Host Editor
  • Diagnostics Landscape Browser
  • ...

The following activities are checked in the Solution Manager Applications:

Create (Activity 01) and Delete (Activity 06)

Related operations are the creation/deletion of objects, for example a technical system, in LMDB.

Change (Activity 02)

Related operations are changes of objects in LMDB - for example:

  • Change the description of a technical system
  • Maintain the technical instances of a technical system (this explicitly includes the creation and deletion of technical instances).
  • Maintain the software definition of a technical system
  • ...

The LMDB UIs (for example the Technical System Editor) allow the direct maintenance of the most important attributes of the relevant objects. The UI cannot show all attributes directly, since this would overload it, but in rare cases special attributes have to be maintained manually by a user. The maintenance can be performed in the generic detail screen popups of the LMDB UIs, so administration change authorization may be required, as well as the standard change. For more information, see Authorization to Administrate LMDB.

Display (Activity 03)

The related operation in the LMDB is to display the corresponding LMDB objects.

Traverse Associations in the Technical Details popups:
In the LMDB UIs you can show technical details for a dedicated CIM instance: The generic details popups. In these popups, you can navigate between CIM instances in the Associations tab. This is useful for error analysis, because this navigation allows a user to display all data in the LMDB store, so navigation is only allowed to users with authorization to display all LMDB objects (LMDB_MTYPE, LMDB_STYPE and LMDB_OBJID must contain a wild card ('*'). An alternative to the wild cards is authorization object Authorization to Administrate LMDB.







consolut Authorization for SAP
Easy Authorization Management for SAP


Addresses (Business Address Services)   BAL Application Log Documentation  
This documentation is copyright by SAP AG.

Length: 6514 Date: 20240419 Time: 041750     sap01-206 ( 98 ms )