Create Protect4S VM users and roles
Protect4S VM requires two different types of users:
Application users with their applicable roles in the Protect4S system
Different types of users in the satellite systems
Protect4S system users
Protect4S VM is an application based on SAP WebDynpro and allows for multiple users accessing the functionality at the same time. In order to access the specific parts of the functionality, all Protect4S VM users need to be provided with a suitable user role.
✔ Due to the sensitive nature of the information that Protect4S VM generates, it is recommended to give due consideration to the role distribution.
✔ Please make sure to always use the latest version of these roles as provided in the support packages.
Protect4S VM distinguishes several different functional user types:
Functional user
Role
Description
Administrator
/ESEC/SA_ADMINISTRATOR
Is able to start all menu's. Is required for License Administration
Customiser
/ESEC/SA_CONFIGURATOR
Configures all master data like Systems, Companies, etc.
Planner
/ESEC/SA_PLANNER
Plans Projects and has read access to master data
Reviewer
/ESEC/SA_REVIEWER
Is able to view the reports produced by Protect4S VM
Reviewer (Management Overview)
/ESEC/SA_REVIEWER_MANAGER
Can view the Management Overview report only
Background user
/ESEC/SA_BACKGROUND_EXECUTOR
Background user that effectively executes the background jobs for Scan notification and the jobs that run all Projects
Scan export users
/ESEC/SA_SCAN_EXPORT
Is able to export the Scan reports
Mitigation user
/ESEC/SA_MITIGATOR
Is able to create mitigation reports
Users in the satellite systems
Depending on the satellite system type, the following user types must be created or present in the satellite systems:
ABAP RFC type user(s) for ABAP and dual-stack type systems
JAVA users for J2EE type systems (Portal, PI) etc. or dual-stack systems
Database users
Operating System users
BusinessObjects users
Roles required in the satellite systems
The following overview shows the purpose of the roles that needs to be distributed to the satellite systems which are to be connected.
ESEC_SA_SATELLITE
This role is required to execute the checks in the satellite system. It does not have authorizations to perform changes to your system.
ESEC_SA_SATELLITE_PUSH
This is an optional role which is needed if you would like to distribute roles automatically (only works if CUA is not active for the satellite system)
ESEC_SA_SATELLITE_MITIGATE
This is an additional role on top of the ESEC_SA_SATELLITE role for the user used in the destination. It is required for the systems that will be used for mitigation of OSS Notes.
In general this applies for single tier system or Development systems.
Notice, the user type will have to be set as Service.
Last updated