Flexnet SAP Authorization role Permission

SRicky · ‎Aug 27, 2020

Need your support with role authorization aligned with Admin & Satellite , SAP Security team has raised the below concern

Authorization object	Access Level
S_TABU_DIS	Role has display access to all tables however the tool is checking certain tables hence Security Team need to restrict by Seeking support if the required Tables/Auth Groups to restrict the Role byreplacing the * value
S_USER_GRP	Role has authority for User Changes and Lock/Unlock along with Display access; seeking feedback if this access is required by the Tool or we can restrict

Data collected by the SAP system from Table DD03L .

Regards

SJ

Diggesh · ‎Aug 31, 2020

Hi Sagar,

You can customize the role based on your own situation.

S_TABU_DIS: As we support a variety versions of SAP NetWeaver, the role definition should be compatible to all these versions. But we have noticed a few standard tables belong to different auth groups in different versions. That is one of the reason we use * here. Customer can start with the following list of tables if they decide to use table name or authorization group.

/LICMAN/* (/LICMAN/ is Flexera reserved namespace)
SAP standard tables which can be found in FlexNet Manager for SAP Applications Installation Guide. There is a chapter called “Tables Read and Data Collected by the SAP Inventory Agent “ introducing the tables it needs to read.

S_USER_GRP: FNMS SAP Admin Module supports user maintenance functionalities which requires such authorization. If customer just reviews license recommendation on Admin Module side instead of processing license recommendation, they can only leave display access.

Thanks,

Diggesh H Joshi