9/20/2020 SAP e-book
Unit 1: SAP Solution Manager Environment
The following sections should give you a short overview of the roles that are available in SAP
Solution Manager 7.2.
Figure 16: Authorization Concept in General
SAP Solution Manager uses the authorizations provided by SAP NetWeaver. Therefore, the
recommendations and guidelines for authorizations as described in the SAP NetWeaver AS
Security Guide ABAP also apply to SAP Solution Manager. The SAP NetWeaver authorization
concept is based on assigning authorizations to users based on roles. For role maintenance,
use the profile generator (transaction PFCG).
RFC connections between SAP Solution Manager and the satellite systems are needed for
monitoring and incident analysis. The managed system could be defined as a trusted system
in SAP Solution Manager, and the same in reverse. Trusted systems can log on to the trusting
system without a password. A trusted Remote Function Call (RFC) connection in SAP
Solution Manager works in the following way. The Solution Manager user can log on to the
managed system without additional logins. The user needs the authorization object
S_RFCACL in the satellite system, which is not included in the SAP_ALL profile for security
reasons. The authorization object is included in the SAP_S_RFCACL role, which needs to be
maintained by the system administrator, according to the system landscape.
If you want to force a login, use the option LOGIN RFC connection during the RFC destination
generation. The S_RFC authorization controls RFC access to function groups. If a user wants
to call function groups remotely, he or she needs the S_RFC authorization object in the target
system. For more information, see SAP Note 128447 – Trusted/trusting systems for more
information on how to set up a trusted system connection.
SAP Solution Manger Work Center
SAP Solution Manager 7.1 uses Work Center to help you to do your work. In SAP Solution
Manager 7.2, the Work Center is not supported.
In both SAP Solution Manager release versions, roles for users are defined by a user definition
according SAP processes or job tasks. In SAP Solution Manager 7.1, to every user role
definition, a composite role is assigned. One composite role can contain many single roles
© Copyright. All rights reserved. 26
1/2
�9/20/2020 SAP e-book
Lesson: Authorization Management
with differing purposes and access to several work centers. All composite user roles contain
the SAP_SMWORK_<WorkCenter> navigation role(s). This role authorizes users to run tasks.
Figure 17: Work Centers in SAP Solution Manager 7.1
In addition, all relevant authorizations for the work center framework are contained in
authorization role SAP_SMWORK_BASIC_<WorkCenter> . This role contains all authorization
objects for the work center frame, navigation, and table control.
SAP Solution Manager Launchpad
SAP Solution Manager 7.2 provides SAP Fiori apps to perform specific tasks in a fast and
simple way. You can start the SAP Fiori apps from the SAP Solution Manager launchpad, or
access them from a central SAP Fiori launchpad, depending on the setup. To start the SAP
Solution Manager launchpad, start the transaction SM_WORKCENTER.
© Copyright. All rights reserved. 27
2/2
