Configure custom authorization and role management
The Palantir Foundry Connector 2.0 for SAP Applications supports custom authorization management from SP16 onwards. Roles and object access definitions can be defined on transparent tables instead of SAP Standard Authorization Management (PFCG).
To enable this feature, run the /PALANTIR/PARAM transaction and maintain the following parameter values:
- Param ID: SYSTEM
- Param Name: AUTH_CHECK_SOURCE
- Param Value: TABLE
If this feature is enabled, existing content roles will not be checked. To deactivate this feature, delete the parameter or change the parameter value from TABLE to PFCG.
To create custom roles, follow the steps below:
- Run the /PALANTIR/AUTH_01 transaction to define new roles.
  - Role ID is the unique identifier for the role. It can be used across all contexts.
  - Object Type is the object type supported by the Foundry SAP Connector:
    - TABLE
    - REMOTETABLE
    - INFOPROVIDER
    - REMOTEINFOPROVIDER
    - BEX
    - FUNCTION
    - REMOTEFUNCTION
    - SLT
    - EXTRACTOR
  - Object is the main extraction object. For example, if the object type is TABLE then the object should be the table name (BSEG or B*; wildcards are supported).
  - Configure the Exc/Inc setting to allow or deny access. Use Exclude to deny access to objects.
- Run the /PALANTIR/AUTH_02 transaction and assign roles to users and contexts.
  - The user is the one used by Foundry to connect to SAP, defined in the Foundry Source configuration.
  - If there is no remote agent, extractor, or SLT, then context should be left blank.
  - The same role can be used for multiple contexts and users.
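One way to review planned role rows for least privilege before maintaining them, as an added example that is not connector code or part of the original documentation. It models the AUTH_01 and AUTH_02 fields as tuples and assumes default deny, Exclude overriding Include, `*` as the only wildcard, and exact context matching; the role, user and context names are constructed.

```python
import re

# Constructed rows mirroring the fields maintained in /PALANTIR/AUTH_01:
# (role_id, object_type, object, exc_inc). Role names are made up.
ROLES = [
    ("FIN_READ", "TABLE", "B*", "Include"),
    ("FIN_READ", "TABLE", "BSEG", "Exclude"),
    ("MM_READ", "TABLE", "MARA", "Include"),
    ("MM_READ", "FUNCTION", "*", "Include"),
]
# Constructed rows mirroring /PALANTIR/AUTH_02: (user, context, role_id).
# "" is a blank context (no remote agent, extractor, or SLT).
ASSIGNMENTS = [
    ("FOUNDRY_RFC", "", "FIN_READ"),
    ("FOUNDRY_RFC", "SLT_01", "MM_READ"),
]

def matches(pattern, name):
    """Assumption: '*' is the only wildcard and matches any run of characters."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), name) is not None

def is_allowed(user, context, object_type, name):
    """Assumed semantics: default deny, and any matching Exclude row wins."""
    roles = {r for u, c, r in ASSIGNMENTS if u == user and c == context}
    modes = [mode for role, otype, pattern, mode in ROLES
             if role in roles and otype == object_type and matches(pattern, name)]
    return "Exclude" not in modes and "Include" in modes

def broad_includes(max_fixed_chars=1):
    """Include rows whose pattern keeps at most max_fixed_chars literal characters."""
    return [(role, otype, pattern) for role, otype, pattern, mode in ROLES
            if mode == "Include" and "*" in pattern
            and len(pattern.replace("*", "")) <= max_fixed_chars]

if __name__ == "__main__":
    for ctx, name in [("", "BKPF"), ("", "BSEG"), ("", "MARA"), ("SLT_01", "MARA")]:
        print(repr(ctx), name, is_allowed("FOUNDRY_RFC", ctx, "TABLE", name))
    print("review:", broad_includes())
```

Rows returned by `broad_includes()` are the ones to justify or narrow, since a pattern such as B* also covers every other table starting with B unless an Exclude row removes it.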