Product(s): APM Implementation and Performance Management
Version(s): 7
Environment: N/A
Area: N/A
Subarea: N/A
The user would like to know which security permissions are needed in SAP to support the APM to SAP Gateway functions.
There are two things to consider with regard to security and permissions for the APM to SAP Gateway.
Item 1 - Authentication:
The SAP Gateway needs Basic Authentication to be set as the only allowable authentication for the ZAPAPMExternalData Service in SAP. See the link below for details:
https://bentleysystems.service-now.com/community?id=kb_article_view&sysparm_article=KB0089322
Item 2 - Object-specific security:
Although we have no formal documentation on the requirements here, we ask the user to set the SAP Security settings as follows:
For the End Users:
We typically state that if a user is not allowed to do something currently in SAP, then they should be locked out from those functions in the APM application as well.
Your existing end user roles in SAP will likely need to remain the same unless you don’t currently have those roles mapped out yet.
Bentley APM Service User:
We typically recommend this user have Read and Write access to all interfaced objects except for FLOC and Equipment. For FLOCs and Equipment this user only needs Read for all properties except ABC Indicator. For the FLOC and Equipment ABC Indicator property this user needs Read and Write.
Roles:
Operator, Trades person, Inspector (these users should have the following rights to all interfaced/integrated objects):
FLOCs/Equipment – Read for all properties
Task List – Read for all properties
Maintenance Item – Read for all properties
Maintenance Plan – Read for all properties
Job Plan – Read for all properties
Notification – Read and Write for all properties
Maintenance Order – Read for all properties
Read and Write are needed for all Notification properties to allow for initial creation of these properties in APM. All other interfaced objects need Read only.
Bentley APM Service User, Reliability Engineer, Maintenance Engineer, Planner, Maintenance Supervisor and Inspector (these users should have rights to all interfaced objects as follows):
FLOCs/Equipment – Read and Write for ABC Indicator, Read for all other properties
Task List – Read and Write for all properties
Maintenance Item – Read and Write for all properties
Maintenance Plan – Read and Write for all properties
Job Plan – Read and Write for all properties
Notification – Read and Write for all properties
Maintenance Order – Read and Write for all properties
Read and Write are needed for all of these properties to allow for initial creation of these objects in APM. Only FLOCs and Equipment don't need Read and Write, because APM won't be used for creating these in SAP. But we do need to update the ABC Indicator in SAP, so we need Read and Write specifically for that property.
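The following is an added example, not Bentley or SAP code: a least-privilege check that compares a user's granted access with the two permission sets listed above and reports excess or missing rights. The profile names `field` and `engineering`, the `"*"` wildcard for "all properties", and the grant format are assumptions made for this sketch; mapping these rights to SAP authorization objects is not covered.

```python
READ, WRITE = "R", "W"
OBJECTS = ["FLOCs/Equipment", "Task List", "Maintenance Item", "Maintenance Plan",
           "Job Plan", "Notification", "Maintenance Order"]

def expected(profile):
    """Return {(object, property): rights}; property "*" means all properties."""
    if profile == "field":          # hypothetical name for the first role list
        want = {(o, "*"): {READ} for o in OBJECTS}
        want[("Notification", "*")] = {READ, WRITE}
        return want
    if profile == "engineering":    # hypothetical name for the second role list
        want = {(o, "*"): {READ, WRITE} for o in OBJECTS}
        want[("FLOCs/Equipment", "*")] = {READ}
        want[("FLOCs/Equipment", "ABC Indicator")] = {READ, WRITE}
        return want
    raise ValueError(f"unknown profile: {profile}")

def audit(profile, grants):
    """Compare grants with the expected set; return (kind, object, property, rights)."""
    want = expected(profile)
    findings = []
    # Excess: a granted right that neither the property rule nor the object-wide rule allows.
    for (obj, prop), have in sorted(grants.items()):
        allowed = want.get((obj, prop), want.get((obj, "*"), set()))
        excess = have - allowed
        if excess:
            findings.append(("excess", obj, prop, "".join(sorted(excess))))
    # Missing: an expected right not covered by a property grant or an object-wide grant.
    for (obj, prop), need in sorted(want.items()):
        effective = grants.get((obj, prop), set()) | grants.get((obj, "*"), set())
        missing = need - effective
        if missing:
            findings.append(("missing", obj, prop, "".join(sorted(missing))))
    return findings

# Constructed sample: a service user given Read and Write on every property of
# every object except Maintenance Order, which was left out entirely.
SERVICE_USER_GRANTS = {(o, "*"): {READ, WRITE} for o in OBJECTS if o != "Maintenance Order"}

if __name__ == "__main__":
    for finding in audit("engineering", SERVICE_USER_GRANTS):
        print(finding)
```

In the sample, the object-wide Write on FLOCs/Equipment is reported as excess even though it happens to cover the ABC Indicator, because only that one property should be writable.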