Focused Insights for SAP Solution Manager 7.2


Security Guide
Focused Insights for SAP Solution Manager
Document Version: 1.5 (2018-02-15)
ST-OST 200 SP 1

© 2018 SAP SE or an SAP affiliate company. All rights reserved.

Document History

| Version | Date | Change |
|---|---|---|
| 1.0 | 2016-11-28 | First version created. |
| 1.1 | 2017-01-19 | Role SAP_BC_WS_DISPLAY has been replaced by the role SAP_TECHMON_DISPLAY_COMP. |
| 1.2 | 2017-03-23 | New role added: SAP_BC_WEBSERVICE_SERVICE_USER |
| 1.3 | 2017-07-31 | Support package 1 (SPS 1) |
| 1.4 | 2017-11-22 | Update of Anonymous Access |
| 1.5 | 2018-02-15 | Minor changes. Add a new section for Instance Dashboard Group Configuration |

Contents

1 Focused Insight Roles and Personas
  1.1 Personas
  1.2 Focused Insights Roles
  1.3 Standard SAP Solution Manager Roles and Authorizations
2 Detailed Authorization Concept
  2.1 Definition
  2.2 Focused Insights Authorization Objects per Dashboard
  2.3 Focused Insights Authorization Objects
  2.4 Role Configuration Example
3 Adding a Specific Dashboard Key to a Role
4 Configuring Anonymous Access
  4.1 Step by Step Procedures
    4.1.1 Create Communication User for SAPUI5 Libraries
    4.1.2 Add logon data to the SAPUI5 libraries
    4.1.3 Create Anonymous User
    4.1.4 Configure Roles and Authorisations
    4.1.5 Create an External Alias for OData services
    4.1.6 Create an External Alias for BSP applications
    4.1.7 Distribute URLs
  4.2 Step by Step Example
    4.2.1 Create Anonymous user
    4.2.2 Add logon data to the SAPUI5 libraries
    4.2.3 Configure Roles and Authorizations
    4.2.4 Create External Aliases for Classic Dashboards
    4.2.5 Create External Aliases for Unified Dashboards
5 Configuring Instance Dashboard Groups
  5.1 Step by Step Procedure
    5.1.1 Data Model
    5.1.2 Create the Dashboard Groups DB Table
    5.1.3 Create the Dashboard Instance Groups DB Table
    5.1.4 Configure Roles and Authorizations
  5.2 Step by Step Example
    5.2.1 Create the Dashboard Groups DB Table
    5.2.2 Create the Dashboard Instance Groups DB Table
    5.2.3 Configure Roles and Authorization

1 Focused Insight Roles and Personas

Focused Insights for SAP Solution Manager is based on the overall architecture and infrastructure of SAP Solution Manager 7.2 SPS 5. Therefore, all the security guidelines for SAP Solution Manager apply. To check the Secure Configuration Security Guide of SAP Solution Manager, go to https://help.sap.com/viewer/p/sap_solution_manager and select version 7.2 SPS 5.

1.1 Personas

Focused Insights delivers dashboards that consume metrics and KPIs from SAP Solution Manager and can be easily configured to display extensive information on all the systems connected to the SAP Solution Manager system. The following personas (main roles) are associated with the usage of these dashboards:

- Dashboard Configurator (or Administrator): Dashboard Configurators configure the dashboards. Based on the requirements of their organizations, they configure the dashboard models with the various systems and metrics from their SAP Solution Manager system. Configuring one dashboard model triggers the creation of an instance (configuration) of this dashboard. This instance is identified by a unique configuration ID.
- Dashboard User: Dashboard Users view the data in the dashboard instances. These users are not able to make changes to the dashboard configuration.

1.2 Focused Insights Roles

Two roles are delivered with Focused Insights. These Focused Insights roles provide generic access to all dashboards; they can be copied and tailored to specific needs as described in this document.

SAP_OST_FI_DISPLAY_ALL

This is the role needed to view all the dashboard instances (regardless of the dashboard model). Here are the authorization objects and values details:

[Screenshot: SAP_OST_FI_DISPLAY_ALL (Display All Dashboards)]

SAP_OST_FI_ADMIN_ALL

This role can configure all dashboard models and instances. Here are the authorization objects and values details:

[Screenshot: SAP_OST_FI_ADMIN_ALL (Administration All Dashboards)]

1.3 Standard SAP Solution Manager Roles and Authorizations

To allow users to execute the Focused Insights dashboards and applications, the following roles and authorizations must be assigned to the users in addition to the Focused Insights roles (SAP_OST_FI_DISPLAY_ALL and SAP_OST_FI_ADMIN_ALL):

Roles:

- SAP_SMWORK_TECH_MON: This role is required to monitor the performance of your systems by customizing the templates pre-delivered by SAP.
- SAP_NOTIF_ADMIN: This role is used for the Notification Management functionality in the SAP Solution Manager system.
- SAP_SM_EEM_LEVEl02: This role is required for using the EEM Monitoring UI or the Alert Inbox. With this role, the user can trigger an extra execution (with trace) in the Monitoring UI or confirm an alert in the Alert Inbox.
- SAP_SYSTEM_REPOSITORY_DIS: This role is needed to display a technical system.
- SAP_TECHMON_DISPLAY_COMP: This role enables display usage of Technical Monitoring. It contains the authorization for displaying the complete technical monitoring applications.
- SAP_BC_WEBSERVICE_SERVICE_USER: This role contains all authorization objects needed to run the background tasks of the web service.
- SAP_SM_BI_DISP: This role provides display authorization for the BW Reporting display user.

Authorizations:

- S_RS_COMP: Using this authorization object, you can restrict the components that you work with in the Business Explorer query definition.
- S_RS_COMP1: With this authorization object, you can restrict query component authorization with regard to the owner. This authorization object is checked in conjunction with the authorization object S_RS_COMP.
- S_SERVICE: This authorization object is automatically checked when external services are started (not yet for all service types).

Note: These authorizations are included in the SAP_OST_FI_DISPLAY_ALL role. As a best practice, a copy of these standard roles should be created in the customer namespace.

2 Detailed Authorization Concept

2.1 Definition

The authorization objects, authorization fields, keys table, data elements, and table facade have been created under the package /STDF/DASH. The authorizations are defined independently for each Dashboard Factory model.

A Focused Insights dashboard application is generally composed of the following components:

- Configuration application: Used to configure a dashboard model into an instance of the dashboard. This application allows the dashboard configurator to select the technical systems and their KPIs and to define how they are displayed in the dashboard.
- OData service: This is the communication backbone between the dashboard front end and the SAP Solution Manager back end.
- BSP application: This is the dashboard application that displays the configured dashboard instances.

The access to these components is controlled by specific authorization objects.

2.2 Focused Insights Authorization Objects per Dashboard

| Dashboard | Authorization | Application Area |
|---|---|---|
| SLR (Service Level Dashboard) | /STDF/APPD | Dashboard |
| SLR (Service Level Dashboard) | /STDF/APPC | Configuration |
| TAC (Tactical Dashboard) | /STDF/APPD | Dashboard |
| TAC (Tactical Dashboard) | /STDF/APPC | Configuration |
| OPE (Operation Dashboard) | /STDF/APPD | Dashboard |
| OPE (Operation Dashboard) | /STDF/APPC | Configuration |
| SCR (Strategic Dashboard) | /STDF/APPD | Dashboard |
| SCR (Strategic Dashboard) | /STDF/APPC | Configuration |
| SCR (Strategic Dashboard) | /STDF/APPQ | Data Quality |
| SCR (Strategic Dashboard) | /STDF/APPT | Template |
| AP (Application Performance Dashboard) | /STDF/APPD | Dashboard |
| AP (Application Performance Dashboard) | /STDF/APPC | Configuration |
| RD (Readiness Dashboard) | /STDF/APPD | Dashboard |
| RD (Readiness Dashboard) | /STDF/APPC | Configuration |
| OCC (Dashboard Center) | /STDF/APPD | Dashboard |
| OCC (Dashboard Center) | /STDF/APPC | Configuration |

2.3 Focused Insights Authorization Objects

The following authorizations are used in Focused Insights applications:

- /STDF/APPC: Authorization to access the configuration application. It contains an authorization field that is populated with the Focused Insights application code: SLR, STR, OPE, TAC, AP, RD, OCC.
- /STDF/APPD: Authorization to run the dashboard. It contains two fields: KEY and APP. APP contains the Focused Insights app code: SLR, STR, OPE, TAC, AP, RD, OCC. KEY contains the dashboard keys. The keys should be in this format: <DASHBOARD_CODE>_<CONFIG_ID>.
- /STDF/APPQ
- /STDF/APPT

2.4 Role Configuration Example

This example describes how roles could be configured to control the access to some dashboards. In this example, two dashboard models are used: the Tactical Dashboard (dashboard code: TAC) and the Operation Dashboard (code: OPE). For these two models, several instances have been configured:

- Configuration IDs 4 and 6 for the Tactical Dashboard.
- Configuration ID 1 for the Operation Dashboard.

Therefore, we have the following dashboard keys:

- TAC_4
- TAC_6
- OPE_1

The following table shows another example of how the following roles could be configured:

- Admin user role
- Strategic full access role
- Operation access role

| Role | Authorization | Authorization field | Value | Comment |
|---|---|---|---|---|
| ZDF_ALL | /STDF/APPC | /STDF/APP | * | Role for admin users |
| ZDF_ALL | /STDF/APPD | /STDF/APP | * | |
| ZDF_ALL | /STDF/APPD | /STDF/KEY | * | |
| ZSTDF_STR_ALL | /STDF/APPC | /STDF/APP | STR | Role for strategic full access, all instances with data quality report |
| ZSTDF_STR_ALL | /STDF/APPD | /STDF/KEY | * | |
| ZSTDF_STR_ALL | /STDF/APPD | /STDF/APP | STR | |
| ZSTDF_STR_ALL | /STDF/APPQ | /STDF/APP | * | |
| ZDF_OPE_INSTANCE_ROLE | /STDF/APPC | /STDF/APP | OPE | Role for operation, access for instances 1, 2 and 3 |
| ZDF_OPE_INSTANCE_ROLE | /STDF/APPD | /STDF/KEY | OPE_1, OPE_2, OPE_3 | |
| ZDF_OPE_INSTANCE_ROLE | /STDF/APPD | /STDF/APP | OPE | |

3 Adding a Specific Dashboard Key to a Role

Prerequisites

The administrator has already created a role to access the dashboard: Z_STDF_STR_ROLE (strategic dashboard role).

Procedure

1. Go to transaction PFCG. (Screenshot: Change Roles)
2. Edit the role. (Screenshot: Edit Role)
3. Change the authorization. (Screenshot: Edit Authorization)
4. Update the authorization field. (Screenshot: Update Authorization)
5. Use the value help to identify the dashboard key. (Screenshot: Value help window)

4 Configuring Anonymous Access

As an administrator, you provide access to Focused Insights applications for different departments or teams. The usual scenario is that you create several configuration instances appropriate to each concerned entity and grant access to them according to the Focused Insights authorization concept. Behind the scenes, you have to create users and roles for each entity to allow access to different configurations separately.

If you want to broadcast the dashboard information to a large audience, this method would be tedious, might have an impact on the licenses, and might also be a constraint, for example, if the dashboard owner just wants to provide direct links to the dashboard for information purposes, even to non-SAP users. Therefore, you can configure Focused Insights applications to use ANONYMOUS ACCESS.

4.1 Step by Step Procedures

The following steps have to be performed in your environment to enable anonymous access to the Focused Insights dashboards:

| Steps | Description | Comment |
|---|---|---|
| Create communication user for SAPUI5 libraries | The communication user is used to authenticate when retrieving UI libraries. | Done only once for all anonymous access |
| Add logon data to the SAPUI5 libraries | Setup of the SICF | Done only once for all anonymous access |
| Create the anonymous user | The anonymous user is a communication user used to authenticate dashboard requests. | |
| Configure roles and authorization | Each anonymous user is managed through the standard Focused Insights roles and authorizations concepts. | |
| Create an external alias for OData services | Service aliases are used to associate dashboard requests to the anonymous users for automatic logon. | |
| Create an external alias for BSP applications | Service aliases are used to associate dashboard requests to the anonymous users for automatic logon. | |
| Distribute URLs | A dedicated URL for each dashboard, based on the BSP and OData aliases, will be given to the end users in your organization. | |

4.1.1 Create Communication User for SAPUI5 Libraries

A communication user has to be created to access the SAPUI5 library services.

4.1.2 Add logon data to the SAPUI5 libraries

The UI5 library services are already activated. To configure anonymous access, you have to modify each library service on the Logon Data tab by adding the communication user selected for the UI5 libraries. The links for the UI5 libraries are the following:

| Dashboard Name | Library Services |
|---|---|
| SAPUI5 Libraries | /sap/bc/bsp/stdf/ui5 |
| Common libraries used in Focused Insights | /sap/bc/bsp/stdf/libs |
| Common libraries used in Focused Insights | /sap/bc/ui5_ui5/stdf/libs |

4.1.3 Create Anonymous User

A named user of type Communication is created to allow authentication to the dashboard services.

4.1.4 Configure Roles and Authorisations

A role reflecting the authorisations of your anonymous access has to be created and assigned to the anonymous user.

4.1.5 Create an External Alias for OData services

Depending on the dashboards you want to access, you will need to create an alias for the following OData services:

| Dashboard Name | OData Service for classic dashboards (Pre SP1) | OData Service for unified dashboards (Post SP1) |
|---|---|---|
| Tactical Dashboard | /sap/opu/odata/stdf/tac_service | /sap/opu/odata/stdf/tac_srv |
| Operation Dashboard | /sap/opu/odata/stdf/ope_service | /sap/opu/odata/stdf/ope_srv |
| Service Level Dashboard | /sap/opu/odata/stdf/slr_service | /sap/opu/odata/stdf/slr_dash_service_srv |
| Strategic Dashboard | /sap/opu/odata/stdf/scr_services | /sap/opu/odata/stdf/scr_services |
| Application Performance Dashboard | /sap/opu/odata/stdf/ap_data_provider | /sap/opu/odata/stdf/ap_data_provider |
| OCC Dashboard | /sap/stdf_fmcall | /sap/opu/odata/stdf/occ_srv |
| Readiness Dashboard | /sap/opu/odata/stdf/rd_service | /sap/opu/odata/stdf/rd_service |

Note: If you want to access a unified dashboard, you will need to create a new alias for the following service: /STDF/DFL_SERVICE. This service is used to retrieve the connected user information. That is why it needs to be set as anonymous.

4.1.6 Create an External Alias for BSP applications

Depending on the dashboards you want to access, you will need to create an alias for the following BSP services:

| Dashboard Name | BSP Applications for classic dashboards (Pre SP1) | BSP Applications for unified dashboards (Post SP1) |
|---|---|---|
| Tactical Dashboard | /sap/bc/bsp/stdf/tac_dashboard | /sap/bc/bsp/stdf/tac_dash, /sap/bc/ui5_ui5/stdf/tac_dash |
| Operation Dashboard | /sap/bc/bsp/stdf/ope_dashboard, /sap/bc/bcp/stdf/ope_scenario | /sap/bc/bsp/stdf/ope_dash, /sap/bc/ui5_ui5/stdf/ope_dash |
| Service Level Dashboard | /sap/bc/bsp/stdf/slr_dash_async | /sap/bc/bsp/stdf/slr_dash, /sap/bc/ui5_ui5/stdf/slr_dash |
| Strategic Dashboard | /sap/bc/bsp/stdf/scr_dashboard | /sap/bc/bsp/stdf/scr_dash, /sap/bc/ui5_ui5/stdf/scr_dash |
| Application Performance Dashboard | /sap/bc/bsp/stdf/ap_dashboard | /sap/bc/bsp/stdf/ap_dash, /sap/bc/ui5_ui5/stdf/ap_dash |
| OCC Dashboard | /sap/bc/bsp/stdf/dv, /sap/bc/ui5_ui5/stdf/dv | /sap/bc/bsp/stdf/occ_dash, /sap/bc/ui5_ui5/stdf/occ_dash |
| Readiness Dashboard | /sap/bc/bsp/stdf/rd_dashboard | /sap/bc/bsp/stdf/rd_dash, /sap/bc/ui5_ui5/stdf/rd_dash |

4.1.7 Distribute URLs

Depending on your aliases, your end users will access the different dashboards with a dedicated URL following the patterns below.

For Classic Dashboards, other than OCC:

http://server:port/{bsp_alias}/index.html?configid={configid}&df_alias={odata_alias}

For the Classic OCC Dashboard:

http://server:port/{bsp_alias}/dashboard.html#{configid}?df_alias={fmcall_service_alias}

For Unified Dashboards:

http://server:port/{bsp_alias}/index.html?configid={configid}&DF_ALIAS={odata_alias}&FI_C_ALIAS={dfl_alias}
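The three URL patterns can be checked mechanically before links are handed out. The following Python code is an added example, not part of the SAP guide: it extracts the BSP alias and reports missing mandatory parameters, including the classic OCC case where the parameters sit inside the URL fragment. The host name, alias names and the function name check_dashboard_url are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# One entry per URL pattern of section 4.1.7. Parameter names are compared
# case-insensitively because the guide writes both df_alias and DF_ALIAS.
PATTERNS = {
    "classic":     {"page": "index.html",     "required": ("configid", "df_alias")},
    "classic_occ": {"page": "dashboard.html", "required": ("configid", "df_alias")},
    "unified":     {"page": "index.html",
                    "required": ("configid", "df_alias", "fi_c_alias")},
}


def check_dashboard_url(url, kind):
    """Parse one distributed link and list what is missing for `kind`."""
    spec = PATTERNS[kind]
    parts = urlsplit(url)
    problems = []

    # Path must be /<bsp_alias>/<page>; the alias is everything before the page.
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[-1] != spec["page"]:
        problems.append("path is not /<bsp_alias>/" + spec["page"])
    bsp_alias = "/" + "/".join(segments[:-1]) if len(segments) >= 2 else None

    if kind == "classic_occ":
        # dashboard.html#{configid}?df_alias=...: a URL parser puts all of this
        # into the fragment, so the "query" has to be split out by hand.
        config_id, _, query = parts.fragment.partition("?")
        params = {"configid": [config_id]} if config_id else {}
    else:
        query, params = parts.query, {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        params.setdefault(name.lower(), values)

    found = {}
    for name in spec["required"]:
        value = params.get(name, [""])[0].strip()
        if value:
            found[name] = value
        else:
            problems.append("missing mandatory parameter " + name)
    return {"bsp_alias": bsp_alias, "params": found, "problems": problems}


# Constructed sample links (host and alias names are placeholders).
SAMPLES = [
    ("classic",
     "http://solman.example.com:8000/ope_dash_1_alias/index.html"
     "?configid=1&df_alias=ope_odata_1_alias"),
    ("unified",  # FI_C_ALIAS left out on purpose
     "http://solman.example.com:8000/ope_dash_11_alias/index.html"
     "?configid=1&DF_ALIAS=ope_odata_11_alias"),
    ("classic_occ",
     "http://solman.example.com:8000/occ_alias/dashboard.html"
     "#3?df_alias=occ_fm_alias"),
]

if __name__ == "__main__":
    for kind, url in SAMPLES:
        result = check_dashboard_url(url, kind)
        print(kind, result["bsp_alias"], result["problems"] or "ok")
```
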

4.2 Step by Step Example

In this example, an SAP customer company is using Focused Insights. The company has two departments: Department 1 and Department 2. The administrator configures two OPE dashboard configuration instances: INSTANCE_1 and INSTANCE_2. The administrator wants to provide a direct access link to INSTANCE_1 to Department 1 and another direct access link to INSTANCE_2 to Department 2 (without having to be authenticated). The following sections describe the configuration steps for the ANONYMOUS ACCESS.

4.2.1 Create Anonymous user

In this step, you create a communication user that will be set later for ANONYMOUS ACCESS.

1. Execute TCODE SU01. Enter DFANONYMOUS1 and choose Create.
2. In the field User Type, select Communication Data, set the initial password, and save your settings.
3. Set a production password.
4. Assign the following roles and authorizations to this user:
   - SAP_SMWORK_TECH_MON
   - ZSAP_NOTIF_ADMIN
   - SAP_SM_EEM_LEVEl02
   - SAP_SYSTEM_REPOSITORY_DIS
   - SAP_TECHMON_DISPLAY_COMP
   - SAP_BC_WEBSERVICE_SERVICE_USER
   - SAP_BI_E2E_DISPLAY
   - SAP_EEM_DISP
   - SAP_SM_BI_DISP
   - SAP_SM_BPOANA_DIS
   - SAP_ESH_TRANSPORT
5. Repeat the above steps to create a new DFANONYMOUS2 user.

4.2.2 Add logon data to the SAPUI5 libraries

1. Execute TCODE SICF, enter LIBS as the ServiceName, then click Apply.
2. Click on the target /default_host/sap/bc/ui5_ui5/stdf/libs.
3. On the Logon Data tab page, set DFANONYMOUS1. Make sure that the password status is set.
4. Repeat the same steps for the following library services:
   - /sap/bc/bsp/stdf/ui5
   - /sap/bc/bsp/stdf/libs

4.2.3 Configure Roles and Authorizations

In this step, you create two different roles with the authorizations needed to access INSTANCE_1 and INSTANCE_2:

- DF_OPE_ROLE_DEP1: Role to be assigned to grant access to OPE Instance 1
- DF_OPE_ROLE_DEP2: Role to be assigned to grant access to OPE Instance 2

Creation of DF_OPE_ROLE_DEP1

1. Execute transaction code PFCG.
2. Choose Create Single Role.
3. Enter a description and save.
4. Go to the Authorizations tab page.
5. Choose Change Authorization Data.
6. In the Choose Template pop-up window, choose Cancel.
7. To select the authorization objects manually, choose Manually.
8. Add the Authorization Object /STDF/APPD.
9. Configure the authorization object /STDF/APPD as follows:
   a. Authorization Field App refers to the Focused Insights application.
   b. Dashboard Keys refers to Focused Insights application configuration instances. It respects this naming convention: <APP>_<INSTANCE_ID>.
10. Save the role.
11. Generate the role.
12. In the Users tab, add DFANONYMOUS1 and choose User Comparison.

Creation of DF_OPE_ROLE_DEP2

The same steps should be followed to create the role DF_OPE_ROLE_DEP2 (you can copy DF_OPE_ROLE_DEP1 and change the Authorization Object field values). Note that in the screenshot below the Dashboard Keys field has been set to OPE_2:

1. Assign this role to the DFANONYMOUS2 user.

4.2.4 Create External Aliases for Classic Dashboards

As an example, this section describes the creation of the aliases (BSP and OData) for accessing OPE INSTANCE_1 for Department 1. You should then follow the same steps to create the aliases for OPE INSTANCE_2 for Department 2.

OData External Alias Creation

1. Execute TCODE SICF and choose External Aliases.
2. Select the root node and choose Create New External Alias.
3. In the next screen, specify the External Alias name and description, and on the Target Element tab navigate to the OPE_SERVICE SICF node and double-click it.
   Note: The alias name should start with "/".
   Now the external alias is mapped to this target as shown below:
4. On the Logon Data tab page, set DFANONYMOUS1. Make sure that the password status is set.

BSP External Alias Creation

1. Repeat the same steps as for the OData external alias creation and you will have the following configuration:
2. On the Logon Data tab page, set DFANONYMOUS1. Make sure that the password status is set.
3. To have the OData SICF node accessible as ANONYMOUS for direct access, the procedure should be set to Required with Logon Data (instead of Standard).
4. Now OPE INSTANCE_1 for Department 1 can be accessed ANONYMOUSLY by any end user having the link below (pay attention to the DF_ALIAS parameter, it is mandatory):
   http://server:port/ope_dash_1_alias/index.html?configid=1&df_alias=ope_odata_1_alias
5. Repeat the same steps for OPE INSTANCE_2 for Department 2.

Note: Refer to the tables in sections 4.1.5 and 4.1.6 to create external aliases for other dashboards.

4.2.5 Create External Aliases for Unified Dashboards As the previous section, we will describe the steps to be done to create external aliases for Unified dashboards. We will also create an alias to an additional Service which is DFL Service. You should then follow the same steps for creating an alias for OPE INSTANCE_2 for Department 2. Data External Alias creation 1. Execute TCODE SICF and choose External Aliases. 2. Select the root node and choose Create New External Alias. 3. In the next screen, specify the External Alias name and description and on the Target Element tab navigate to the OPE_SERVICE SICF node and double click it. Note The alias name should start with "/". 34 2018 SAP SE or an SAP affiliate company. All rights reserved. Configuring Anonymous Access

Now the external alias is mapped to this target as shown below: Configuring Anonymous Access 2018 SAP SE or an SAP affiliate company. All rights reserved. 35

4. On the Logon Data tab page, set DFANONYMOUS1. Make sure that the password status is set. 36 2018 SAP SE or an SAP affiliate company. All rights reserved. Configuring Anonymous Access

5. To activate the Anonymous Access for Unified Dashboards you must create DFL_Service external alias. You repeat same steps as shown for the Odata services and you will have the following configuration: 6. On the Logon Data tab page, set DFANONYMOUS1. Make sure that the password status is set. Configuring Anonymous Access 2018 SAP SE or an SAP affiliate company. All rights reserved. 37

BSP External Alias Creation You repeat same steps as for the OData external alias creation and you will have the following configuration: 1. On the Logon Data tab page, set DFANONYMOUS1. Make sure that the password status is set. 2. To have the OData SICF Node accessible as ANONYMOUS for direct access, the procedure should be set to Required with Logon Data (instead of Standard). 38 2018 SAP SE or an SAP affiliate company. All rights reserved. Configuring Anonymous Access

3. OPE INSTANCE_1 for Department 1 can now be accessed anonymously by any end user who has the link below:
   http://server:port/ope_dash_11_alias/index.html?configid=1&df_alias=ope_odata_11_alias&fi_c_alias=dfl_alias
4. Repeat the same steps for OPE INSTANCE_2 for Department 2.

Note
Pay attention to the DF_ALIAS and FI_C_ALIAS parameters, they are mandatory for Unified Dashboards. The DFL external alias is created just once for one Anonymous User.

5 Configuring Instance Dashboard Groups

Usually, the administrator grants access to Focused Insights applications for different users by giving authorization to each dashboard instance individually. To make the authorization process easier to manage, we introduce a new concept: the INSTANCE DASHBOARD GROUP. It helps to organize dashboard instances and simplifies authorization maintenance. To configure access to different instances of multiple dashboards, you can put them in the same group and assign them to roles. Inside the same group, all dashboard types (OCC, OPE, TAC ) can be mixed.

5.1 Step by Step Procedure

The following steps have to be performed in your environment to enable the Instance Dashboard Group for the Focused Insights dashboards:

- Create the Dashboard Instance Groups DB Table
- Create the Dashboard Groups DB Table
- Configure Roles and authorizations

5.1.1 Data Model

To use the authorization Group Concept, two tables have to be created:

- Dashboard Groups
- Dashboard Instance Groups

These tables are defined with this model:

5.1.2 Create the Dashboard Groups DB Table

The Dashboard Groups DB Table contains two columns:

- Group Id: It is a string and not an integer, as this is more convenient for supporting the group creation/deletion process together with the maintenance of authorizations.
- Group Name

5.1.3 Create the Dashboard Instance Groups DB Table

The Dashboard Instance Groups DB Table contains three columns:

- Group Id
- Dashboard Model: It is the name of the dashboard.
- Dashboard Instance Id: It corresponds to the dashboard instance that will be included in the group.

A dashboard instance belongs to only one group. To remain compatible with the released versions of Focused Insights, a dashboard instance may have no group assigned (i.e. default group).

5.1.4 Configure Roles and Authorizations

You can configure a Role using the authorization APPD: Display Authorization to give access to dashboard groups. When a user has the display authorization for a group, all dashboard instances belonging to this group can be displayed. Group ids can be used as keys for display authorizations (authorization object /STDF/APPD). They should be written GROUP_<ID>, where <ID> is the id of a group.

Note
To display a dashboard instance, the user must also have the Authorization Field App (/STDF/APP) set for the corresponding dashboard model.

5.2 Step by Step Example

In this example, an SAP customer company is using Focused Insights. The company has two departments: Department 1 and Department 2. The administrator configures two users, FI_GRP_TST_1 and FI_GRP_TST_2, to give them different authorizations to Dashboard Instances.

The administrator wants to give the user FI_GRP_TST_1 the authorization to display these instances:

Dashboard Model    Dashboard Instance Id
TAC                1, 3
OCC                4
OPE                1, 2

The administrator wants to give the user FI_GRP_TST_2 the authorization to display these instances:

Dashboard Model    Dashboard Instance Id
TAC                1, 3
OCC                1, 3
OPE                2

The following sections describe the configuration steps for the Instance Dashboard Groups.

5.2.1 Create the Dashboard Groups DB Table

As a first step, we have to create the Dashboard Groups DB Table. We propose to have three groups in our case:

Group Id    Group Name
TEST1       TEST1
TEST2       TEST2
TEST3       TEST3

1. Execute transaction code SE80 and go to the /STDF/DASH_GRPS

2. Click on Utilities Tab then go to Table Contents -> Create Entries
3. Enter the GROUP ID and GROUP NAME and Save
4. Do the same for the Group Id = TEST2
5. Make sure that the Dashboard Groups DB Table is created

6. Click on Execute to display the list of created dashboard groups.

5.2.2 Create the Dashboard Instance Groups DB Table

1. As a second step, we have to create the following Dashboard Instance Groups DB Table.

Group Id    Dashboard Model    Dashboard Instance ID
TEST1       TAC                1
TEST1       TAC                3
TEST1       OPE                2
TEST2       OCC                4
TEST2       OPE                1
TEST3       OCC                1
TEST3       OCC                3

2. Execute transaction code SE80 and go to the /STDF/INST_GRPS
3. Click on Utilities Tab then go to Table Contents -> Create Entries
4. In the next screen, specify the Group_ID name, the Dash Mode and Dash Inst ID

5. Do the same for the other Dashboard Instances
6. Make sure that the Dashboard Instance Groups DB Table is created
7. Click on Display to display the list of created dashboard groups.

5.2.3 Configure Roles and Authorization

In this step, you create two different roles with the authorizations needed to access the different dashboard instances:

- Z_FI_GRP_TST_1: Role to be assigned to grant access for User1
- Z_FI_GRP_TST_2: Role to be assigned to grant access for User2

Creation of Z_FI_GRP_TST_1

1. Execute transaction code PFCG.
2. Choose Create Single Role.
3. Enter a description and save.
4. Go to the Authorizations tab page.
5. Choose Change Authorization Data.

6. In the Choose Template pop-up window, choose Do not select Template.
7. To select the authorization objects manually, choose Manually.
8. Add the Authorization Object /STDF/APPD.
9. Configure the authorization object /STDF/APPD as follows:
   1. Authorization Field App refers to the Focused Insights application.
   2. Dashboard Keys refers to Focused Insights application configuration instances. For an instance group, it follows the naming convention GROUP_<ID>.

10. Save the role.
11. Generate the role.
12. In the Users tab, add FI_GRP_TST_1 and choose User Comparison.

Creation of Z_FI_GRP_TST_2

The same steps should be followed to create the role Z_FI_GRP_TST_2 (you can copy Z_FI_GRP_TST_1 and change the Authorization Object field's values). Note that in the screenshot below the Dashboard Keys field has been set to GROUP_TEST1 and GROUP_TEST3.

1. Assign this role to the FI_GRP_TST_2 user.
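The group tables and role keys from sections 5.2.1 to 5.2.3 can be cross-checked against the intended access in 5.2 before the roles are handed out. The Python sketch below is an added example, not SAP code: the Z_FI_GRP_TST_1 key list and the /STDF/APP model lists are assumptions derived from the tables in 5.2, all function names are hypothetical, and only GROUP_<ID> keys are modelled.

```python
from collections import defaultdict

# Rows of /STDF/INST_GRPS from section 5.2.2: (group id, dashboard model, instance id)
INST_GRPS = [
    ("TEST1", "TAC", "1"), ("TEST1", "TAC", "3"), ("TEST1", "OPE", "2"),
    ("TEST2", "OCC", "4"), ("TEST2", "OPE", "1"),
    ("TEST3", "OCC", "1"), ("TEST3", "OCC", "3"),
]

# /STDF/APPD values per role. The Z_FI_GRP_TST_2 keys are stated in 5.2.3;
# the Z_FI_GRP_TST_1 keys and both "apps" sets are assumptions derived from 5.2.
ROLES = {
    "Z_FI_GRP_TST_1": {"apps": {"TAC", "OCC", "OPE"}, "keys": {"GROUP_TEST1", "GROUP_TEST2"}},
    "Z_FI_GRP_TST_2": {"apps": {"TAC", "OCC", "OPE"}, "keys": {"GROUP_TEST1", "GROUP_TEST3"}},
}

# Intended display access, copied from the two tables in section 5.2.
INTENDED = {
    "Z_FI_GRP_TST_1": {("TAC", "1"), ("TAC", "3"), ("OCC", "4"), ("OPE", "1"), ("OPE", "2")},
    "Z_FI_GRP_TST_2": {("TAC", "1"), ("TAC", "3"), ("OCC", "1"), ("OCC", "3"), ("OPE", "2")},
}

def multi_group_instances(rows):
    """Instances assigned to more than one group (5.1.3 allows only one)."""
    groups = defaultdict(set)
    for group_id, model, inst in rows:
        groups[(model, inst)].add(group_id)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def effective_instances(role, rows):
    """Instances a role can display: group key present AND model in /STDF/APP."""
    allowed = {k[len("GROUP_"):] for k in role["keys"] if k.startswith("GROUP_")}
    return {(m, i) for g, m, i in rows if g in allowed and m in role["apps"]}

def audit(roles, rows, intended):
    """Per role: instances granted beyond intent, and intended ones not granted."""
    report = {}
    for name, role in roles.items():
        got = effective_instances(role, rows)
        report[name] = {"excess": sorted(got - intended[name]),
                        "missing": sorted(intended[name] - got)}
    return report

if __name__ == "__main__":
    print("multi-group instances:", multi_group_instances(INST_GRPS))
    for name, result in audit(ROLES, INST_GRPS, INTENDED).items():
        print(name, result)
```

A non-empty "excess" list means a group key exposes instances the user was not meant to see, which is the usual side effect of adding an instance to an existing group after roles were generated.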

www.sap.com/contactsap

© 2018 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.