SRicky
Active participant

Flexnet SAP Authorization role Permission

Need your support with role  authorization aligned with Admin & Satellite  , SAP Security team has raised the below concern

 

Authorization object

Access Level

S_TABU_DIS

Role has display access to all tables however the  tool is checking certain tables hence Security Team  need to restrict by Seeking support if the required  Tables/Auth Groups to restrict the Role byreplacing  the * value

S_USER_GRP

Role has authority for User Changes and Lock/Unlock  along with Display access; seeking feedback if this access is required by the Tool  or we can restrict

 

Data collected  by the  SAP system from Table DD03L .

 

Regards

SJ

Labels (1)
0 Kudos
1 Reply
Diggesh
Flexera
Flexera

Hi Sagar,

You can customize the role based on your own situation.

  • S_TABU_DIS: As we support a variety versions of SAP NetWeaver, the role definition should be compatible to all these versions. But we have noticed a few standard tables belong to different auth groups in different versions. That is one of the reason we use * here. Customer can start with the following list of tables if they decide to use table name or authorization group.
    • /LICMAN/* (/LICMAN/ is Flexera reserved namespace)
    • SAP standard tables which can be found in FlexNet Manager for SAP Applications Installation Guide. There is a chapter called “Tables Read and Data Collected by the SAP Inventory Agent “ introducing the tables it needs to read.
  • S_USER_GRP: FNMS SAP Admin Module supports user maintenance functionalities which requires such authorization. If customer just reviews license recommendation on Admin Module side instead of processing license recommendation, they can only leave display access.

Thanks,

Diggesh H Joshi

Diggesh H Joshi