Roles and Profiles in the SAP Solution Manager System

Due to the system landscape of SAP Solution Manager System and Satellite Systems, it is necessary to assign users with corresponding roles in the SAP Solution Manager including Diagnostics as well as in the Satellite System (so-called Monitored Systems in respect to Diagnostics).

For details on all roles concerning Diagnostics, refer to Diagnostics (Advanced Guide) on the SAP Service Marketplace: service.sap.com/installation → Installation and Upgrade Guides.

For more information on the concept and authorization objects, see: Authorization Concept Solution Manager 4.0.

The table below provides an overview of the roles and profiles for SAP Solution Manager system. For the AS Java, the default user store is the ABAP database, thus users have to be created within transaction SU01 only.

For the according scenarios, users have to be also assigned in the Satellite Systems with the corresponding roles (see chapter 4.4).

Users who are required to log on by using trusted RFC destinations must also assign trusted system authorizations. In particular, you have to assign the profile S_RFCACL (as of < SAP NetWeaver AS 7.00) or the role SAP_S_RFCACL (as of SAP NetWeaver AS 7.00) which contains the authorization object S_RFCACL. S_RFCACL consists of a number of authorization fields which allow a trusting trusted relation between SAP Solution Manager and any Satellite system. Due to the high potential risk of such an RFC connection the authorization object S_RFCACL is not included in SAP_ALL.

Scenario Role Purpose

SAP_SOL_PM_COMP 1) Composite role: Organizing and planning a project SAP_SOL_AC_COMP 1) Composite role: Create Business content and the

documentation of operational activities

SAP_SOL_BC_COMP 1) Composite role: Development of customer-specific programs and authorizations

SAP_SOL_TC_COMP 1) Composite role: Installing systems and providing technical support

SAP_SOL_RO_COMP 1) Composite role: Read-only authorizations for SAP Solution Manager

SAP_SOL_RE_COMP 1) Composite role: Read user according to status (document management)

SAP_SOL_LEARNING_MAP_DIS For restricted authorization for user SOLARSERVICE, which is used for accessing HTTP services in the Solution Manager without login, e.g. for displaying HTML Learning Maps (1); see Basic settings in IMG.

Implementation and Distribution

SAP_DMDDEF_DIS For restricted authorization for user SOLARSERVICE, which is used for accessing HTTP services in the Solution Manager without login, e.g. for displaying HTML Learning Maps (1)

SAP_RMDEF_RMAUTH_EXE For administrator purposes: change of roadmaps Implementation and

Distribution (Changing of

Roadmaps) SAP_RMDEF_RMAUTH_DIS For display purposes: change of roadmaps.

Implementation and

Distribution (E-Learning SAP_SOL_TRAINING_EDIT Single role (included in SAP_SOL* Composite roles), needed to use E-Learning Management tool.

Solution Transfer SAP_SOLUTION_TRANSFER Authorization to transfer a solution from one SAP Solution Manager system to another SAP Solution Manager system.

SAP_SUPPDESK_ADMIN 2) Authorizations needed to configure the Service Desk and IC WebClient. In addition, it contains the authorizations for the roles

SAP_SUPPDESK_PROCESS, SAP_SUPPDESK_DISPLAY, and SAP_SUPPDESK_CREATE,

SAP_SUPPDESK_PROCESS 2) Authorizations needed for message (notification) processing, including the use of the solution database SAP_SUPPDESK_CREATE 2) Create support messages from the satellite systems or in the central SAP Solution Manager system. If a generic RFC user is used to create notifications in the SAP Solution Manager system (that is, the user is specified in the RFC destination in transaction SM59 in the satellite systems), the role will only need to be assigned to this generic RFC user.

Service Desk (Service Desk-Messages and IC WebClient)

SAP_SUPPDESK_DISPLAY 2) Display user

SAP_SUPPCF_ADMIN Administrator authorization for creating and processing, see: SAP Note 834534.

SAP_SUPPCF_CREATE Key user (IT-Operator) authorization to create messages, see: SAP Note 834534.

Service Desk (Preconfiguration for Service Providers)

SAP_SUPPCF_PROCESS Support Employee authorization to process messages, see: SAP Note 834534.

SAP_SV_SOLUTION_MANAGER Full authorization SAP_SV_SOLUTION_MANAGER_DISP Display authorization SAP_SUPPDESK_ADMIN 2) 4) For EXPERTMODE

Authorizations needed to configure the Service Desk. In addition, it contains the authorizations for the roles SAP_SUPPDESK_PROCESS,

SAP_SUPPDESK_DISPLAY, and SAP_SUPPDESK_CREATE SAP_SUPPDESK_PROCESS 2) For EXPERTMODE

Authorizations needed for message (notification) processing, including the use of the solution database Service Desk (Issue

Tracking)

SAP_SUPPDESK_DISPLAY 2) For EXPERTMODE Display user Service Desk (Third Party

Integration) SAP_SUPPDESK_INTERFACE Authorization for bidirectional interface SAP_CM_CHANGE_MANAGER_COMP 1) Approving or rejecting change requests

SAP_CM_DEVELOPER_COMP 1) Corrections in the development system; Corrections in the maintenance and development systems

SAP_CM_TESTER_COMP 1) Testing corrections in the test system¸ Testing and validating corrections

SAP_CM_OPERATOR_COMP 1) Import corrections into the production system; Task lists SAP_CM_PRODUCTIONMANAGER_COMP

1) Import corrections into the production system; Approve

imports into the production systems SAP_SOCM_REQUESTER Create change requests

Change Management (Change Request Management -> Schedule Manager; Service Desk, cProjects)

SAP_CM_ADMINISTRATOR_COMP 1) Customize and check Change Request Management functions; Administrative and technical maintenance SAP_MAINT_OPT_ADMIN 3) Full authorization for Maintenance Optimizer Change Management

(Maintenance Optimizer)

SAP_MAINT_OPT_DISP 3) Display authorization for Maintenance Optimizer

SAP_SDCCN_EXE Maintain Service Data Control Center SAP_SOLMAN_DIRECTORY_ADMIN Administer Data in Solution Directory SAP_SOLMAN_DIRECTORY_EDIT Maintain Data in Solution Directory Solution Monitoring

(Solution Directory)

SAP_SOLMAN_DIRECTORY_DISPLAY Display Data in Solution Directory

SAP_SV_SOLUTION_MANAGER Full authorization for all functionalities within transaction SOLUTION_MANAGER, display authorization for Implementation and Distribution

SAP_SV_SOLUTION_MANAGER_DISP Display authorization for all functionalities within transaction SOLUTION_MANAGER, display authorization for Implementation and Distribution SAP_SETUP_DSWP Full authorization for all sessions in area operations

setup

SAP_SETUP_DSWP_SLR Full authorization for session Service Level Reporting in area operations setup (according to Bundled)

SAP_SETUP_DSWP_SM Full authorization for session System Monitoring in area operations setup (according to BundleID)

SAP_SETUP_DSWP_BPM Full authorization for session Business Process Monitoring in area operations setup (according to BundleID)

SAP_SETUP_DSWP_CSA Full authorization for session Central Service Administration in area operations setup (according to BundleID)

SAP_OP_DSWP Full authorization for all sessions in area operations SAP_OP_DSWP_SLR Full authorization for session Service Level Reporting in

area operations (according to BundleID)

SAP_OP_DSWP_SM Full authorization for session System Monitoring in area operations setup (according to BundleID)

SAP_OP_DSWP_EWA Full authorization for session EarlyWatch Alert in area operations (according to BundleID)

SAP_OP_DSWP_BPM Full authorization for session Business Process Monitoring in area operations (according to BundleID) Solution Monitoring

(Operations)

SAP_OP_DSWP_CSA Full authorization for session Central Service Administration in area operations (according to BundleID)

SAP_SOL_REP_ADMIN Authorization for also maintaining system availability data.

Solution Reporting

SAP_SOL_REP_DISP Authorization for report execution and display only.

BI Reporting SAP_BW_SOLUTION_MONITORING Full authorization for BI Reporting Service Connection SAP_SERVICE_CONNECT Authorizations for Service Connection

SAP_SOLMANDIAG_SAPSUPPORT Contains the required authorizations for using the Diagnostics for user SAPSUPPORT, see alsoSAP Note 828533

SAP_SMDIAG_WIZARD Authorization for using the Diagnostics Wizard to transfer data from Solution Manager to Diagnostics SAP_SMDIAG_TEMPLATE Authorization to edit templates for Diagnostics SAP_XI_DISPLAY_USER Composite role for ABAP and JAVA and SLD GUEST

role SAP_SLD_GUEST; Only on XI systems => NW04 SP18

Root Cause Analyses

SAP_XI_MONITOR Composite role; Only on XI systems => NW04 SP18

1) Composite roles with naming convention _COMP consist of a number of single roles, which

2) For several use cases it is necessary to assign a SAP Support Portal contact to SAP Solution Manager users who will communicate with SAP Support Portal via RFC-Destination SAP-OSS.

The contact you maintain corresponds to the user in SAP Support Portal without 'S'. An S-User is a user ID for the SAP Support Portal. You request your user ID for the SAP Support Portal via www.service.sap.com.

In SAP Solution Manager, you need maintenance authority for authority group 'AISU' for this activity (authority object S_TABU_DIS). The role SAP_SUPPDESK_ADMIN has this authority.

In the SAP Support Portal, the S-User needs to have the following authorizations:

For scenario Support Desk and EoD:

- Create message:

ANLEG: Create SAP message - Send message:

GOSAP: Send to SAP

WAUFN: Reopen SAP message - Confirm message:

QUITT: Confirm SAP message - SAP notes search:

NOTES: Search for notes - Display/change Secure Area:

PWDISP Display Secure Area PWCHGE Change Secure Area For scenario Service Connection:

- Open Service Connections:

SVER Open Service Connection - Setup/migrate a Service Connection:

SVER Open Service Connection INSTPROD Maintain System Data For function SAP HotNews:

- SAP notes search:

NOTES: Search for notes

3) New roles for Solution Manager 4.0 as of SP09

4) To maintain actions, you need the additional role SAP_PPF_CONFIGURATOR

For more information:

SAP Solution Manager Roles SAP Note 834534 (SAP Solution Manager Roles)

Role Maintenance online documentation: Choose Help → Application Help → Solution Manager → Projects → Project Preparation → Roles in Solution Manager

Change Request Management Roles Online documentation (in SAP Solution Manager system):

Help → Application Help → SAP Solution Manager → Change Request Management → Roles in Change Request Management