Skip to main content

Configuring a target system administrator

Bravura Security Fabric uses a designated account on the SAP target system to carry-out connector operations.

Ensure that the functions are all available and configured as listed below for the target administrator credential in order for the connector operations to be successful. Contact Bravura Security support if your SAP administrator would like to reduce access for any of these functions.

Create this account (for example, psadmin) with the following authorizations:

Cross-application Authorization Objects > Authorization Check For RFC Access:

  • Name of RFC to be protected = *

  • Type of RFC object to be protected = *

    This authorization allows a user to remote logon to the SAP server and run RFC functions.

Cross-application Authorization Objects > Transaction Code Check at Transaction Start:

  • Transaction code = SU01

    This authorization allows a user to run transaction SU01.

Basis: Administration > User Master Maintenance: User Groups:

  • Activity = *

  • User group in user master maintenance = *

    This authorization allows a user to manage another user. User group in user master maintenance is set to ⋆, which means that users with this authorization can manage all users.

    In your environment, you can select a set of user groups if Bravura Security Fabric will not manage all the users on the SAP target.

Basis: Administration > Authorizations: Role Check:

  • Activity = 02 Change

  • Activity = 22 Enter, Include, Assign

  • Role Name = *

    This authorization allows a user to add/delete a user to/from a role.

Basis: Administration > Table Maintenance (via standard tools such as SM30):

  • Activity = 03 Display

  • Authorization Group = *

    This authorization allows a user to list users, groups, and their attributes.

Basis: Administration > User Master Maintenance: Authorization Profile:

  • Activity = 22 Enter, Include, Assign

Basis: Administration > User Master Maintenance: System for Central User Maintenance:

  • Activity = 02 Change

  • Receiving system for central user administration = *

    Note

    If your system is a CUA system, you may require additional authorization(s).

Warning

Due to the customizable nature of SAP, these authorizations may not be complete or accurate for your SAP installation. If you experience any problems, contact your SAP administrator for assistance in deriving adequate permissions.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric.

In this section: