Flexnet SAP Authorization role Permission
Need your support with role authorization aligned with Admin & Satellite , SAP Security team has raised the below concern
Role has display access to all tables however the tool is checking certain tables hence Security Team need to restrict by Seeking support if the required Tables/Auth Groups to restrict the Role byreplacing the * value
Role has authority for User Changes and Lock/Unlock along with Display access; seeking feedback if this access is required by the Tool or we can restrict
Data collected by the SAP system from Table DD03L .
You can customize the role based on your own situation.
- S_TABU_DIS: As we support a variety versions of SAP NetWeaver, the role definition should be compatible to all these versions. But we have noticed a few standard tables belong to different auth groups in different versions. That is one of the reason we use * here. Customer can start with the following list of tables if they decide to use table name or authorization group.
- /LICMAN/* (/LICMAN/ is Flexera reserved namespace)
- SAP standard tables which can be found in FlexNet Manager for SAP Applications Installation Guide. There is a chapter called “Tables Read and Data Collected by the SAP Inventory Agent “ introducing the tables it needs to read.
- S_USER_GRP: FNMS SAP Admin Module supports user maintenance functionalities which requires such authorization. If customer just reviews license recommendation on Admin Module side instead of processing license recommendation, they can only leave display access.
Diggesh H Joshi