DAM_AUTH_SECU - Security and Authorizations

This documentation is copyright by SAP AG.

A digital asset is a logical document that contains multiple versions of the digital asset, each of which is called a physical document. The following technical terms are used below:

  • Logical Info Object (LOIO): A digital asset is a logical info object.
  • Physical Info Object (PHIO): A digital asset consists of one or more versions, each called a physical info object.

Some properties are valid for the digital asset as a whole, while others can differ from version to version.

System security is based on authorization objects that consist of different user-definable fields. If you want to grant authorizations to a user, assign him or her to a role in the system that has an authorization profile with authorization objects.

For precise information about the SAP authorization concept and maintenance of the authorizations, see SAP Help Portal at help.sap.com → SAP NetWeaver → SAP NetWeaver 7.0 (2004s) → SAP NetWeaver 7.0 Library → SAP NetWeaver Library → SAP NetWeaver by Key Capability → Security → Identity Management, and then one of the following:

  • Identity Management of the Application Server ABAP → AS ABAP Authorization Concept
  • Identity Management of the Application Server Java → Authorization Concept of the AS Java

Security in the Portal

Portal roles determine which DAM applications are available for the logged-on user. Administration applications should only be available to users with administrator rights.

CRM System

If a DAM application has been started from the portal, the CRM system checks whether the user is authorized to do so and determines what the user can and cannot do.

This document describes the activities necessary to secure your CRM system and give users rights to access digital assets.

Sources for Security-Relevant Properties

Digital assets or versions of a digital asset have additional properties that can originate from the following different sources:

  • Type of digital asset
  • Content Management
  • Classification System
  • Status Management
  • Legal information
  • Properties dependent on rights

The digital asset type (DAMDOCTYPE), status information, document status (PHIODOCSTA), and security status are always security-relevant.

Additionally, you can specify up to five further properties as security-relevant in the IMG activity Define Authorization Fields/Properties for Digital Assets.

They can come from the following data sources:

  • Classification system (for the asset - header level)
  • Content Management (for the asset - version level)

Authorization Checks Within the Search for Digital Assets

When you search for digital assets, an authorization check is performed at two points:

  • When you search for digital assets by selecting a taxonomy node.
    Here a check in advance determines which taxonomy nodes contain any digital assets at all that you are allowed to view. Only the nodes where you can find digital assets are displayed.
  • When you have sent a search request, the system checks whether you can also view the digital assets in the search result.

These authorization checks are based on database table CRMD_DAM_BS, in which the authorization-relevant aspects for each version of a digital asset are defined.

Customers with very large amounts of data have the option to use a customer-specific database table instead. We recommend that you use this option if you experience problems with access times for table CRMD_DAM_BS.

Note

You can keep this option open from the beginning of your project by modelling your objects deliberately, for example, by not using the maximum possible length of 30 characters for the internal key of your characteristic values in DAM, but restricting it to 4 or 10 characters. This is independent of the language-dependent descriptions of this internal key that are displayed to the user.

You must have maintained the properties in the class system, or else they cannot be checked.
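
The two checks described in this section, as a small Python model. This is an added illustration, not SAP code and not the actual layout of CRMD_DAM_BS; the row structure, the REGION property, all sample values, and the choice to deny access when a property is not maintained are assumptions of the example.

```python
from dataclasses import dataclass

ALWAYS_RELEVANT = ("DAMDOCTYPE", "PHIODOCSTA")  # field names given on the page
MAX_EXTRA = 5  # the page allows up to five further security-relevant properties

@dataclass(frozen=True)
class VersionRow:
    """One row per version (PHIO) of a digital asset (LOIO); layout is assumed."""
    loio: str
    phio: str
    node: str    # taxonomy node the asset is filed under
    props: dict  # property name -> value

def relevant_fields(extra=()):
    if len(extra) > MAX_EXTRA:
        raise ValueError("at most five additional security-relevant properties")
    return ALWAYS_RELEVANT + tuple(extra)

def may_view(auth, row, fields):
    """auth maps field -> set of allowed values ('*' allows any value)."""
    for name in fields:
        value = row.props.get(name)
        allowed = auth.get(name, set())
        # Example's choice: an unmaintained property cannot be checked, so deny.
        if value is None or not ("*" in allowed or value in allowed):
            return False
    return True

def visible_nodes(auth, rows, fields):
    """Check in advance: only nodes holding at least one viewable version."""
    return {r.node for r in rows if may_view(auth, r, fields)}

def search(auth, rows, fields, matches):
    """Second check: drop hits the user may not view from the search result."""
    return [r.phio for r in rows if matches(r) and may_view(auth, r, fields)]

# Constructed sample data (not from a real system); REGION is a hypothetical extra.
ROWS = [
    VersionRow("L1", "P1", "Logos", {"DAMDOCTYPE": "IMAGE", "PHIODOCSTA": "RELEASED", "REGION": "EU"}),
    VersionRow("L1", "P2", "Logos", {"DAMDOCTYPE": "IMAGE", "PHIODOCSTA": "DRAFT", "REGION": "EU"}),
    VersionRow("L2", "P3", "Contracts", {"DAMDOCTYPE": "PDF", "PHIODOCSTA": "RELEASED", "REGION": "US"}),
    VersionRow("L3", "P4", "Logos", {"DAMDOCTYPE": "IMAGE", "PHIODOCSTA": "RELEASED"}),  # REGION not maintained
]
FIELDS = relevant_fields(["REGION"])
AUTH = {"DAMDOCTYPE": {"*"}, "PHIODOCSTA": {"RELEASED"}, "REGION": {"EU"}}
```

With this sample, the user sees only the Logos node, and a search for images returns only version P1: the draft version, the US contract, and the version without a maintained REGION value are all filtered out.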

Technical Portal User for Indexing and Administrative Tasks

For indexing and administrative tasks, the portal uses a service user (default: index_service) that is assigned to a CRM user via user assignment. This user calls the CRM server via RFC function modules to read information about digital assets and system settings. The CRM user requires read access for all digital assets and the following authorization objects.

The values are the same as those described in Additional Required Authorizations.

  • S_RFC

  • B_USERSTAT

  • B_USERST_T





