Assigning a Conigma user to a Conigma user group
Functional scope
There are several ways how a Conigma user can be assigned to a Conigma user group. These possibilities depend on the mode of the user group and which mode is allowed in the configuration.
Assignment via object links
When assigning Conigma users to Conigma user groups via object links, the assignment is done manually. To do this, simply open the context menu of the user group with the right mouse button and select the menu item "Add user". Afterwards a dialog window opens, where you can add one or more Conigma users to the group.
In order to manually assign a Conigma user to a Conigma user group, the user group mode must be set to either "Conigma Object Links" or "Hybrid". Further details about the different modes can be found in the chapter Create a Conigma user group.
Assignment via SAP authorizations
The authorization object /GAL/CCM_A exists for assigning users to a user group and contains the following authorization values.
/GAL/CCM_1: The ID of the repository to which the permission must apply or * for all repositories
/GAL/CCM_I: Internal ID of a user group
/GAL/CCM_E: External ID of a user group
Normally, an internal ID is assigned to a user group, but no external ID. If only internal IDs are maintained for user groups, the value * should be assigned to the authorization field /GAL/CCM_E.
In order to automatically assign a Conigma user to a Conigma user group via SAP authorizations, the mode of the user group must be set to either "SAP Authorization" or "Hybrid". Further details about the different modes can be found in the chapter about creating a Conigma user group.
Assignment via nested user groups
A further possibility of assignment can be made via nested user groups. In this case, another user group is assigned to a user group. All members of the user group to be assigned are then implicitly also members of the parent user group. To do this, only the menu item "Assign user group" must be selected from the context menu of a user group. In a further dialogue, which lists all user groups, one or more user groups to be assigned can then be selected.
Configuration options in the configuration editor
In the configuration editor (transaction /GAL/CONFIG_EDITOR), you can restrict whether assignment is possible using object links or SAP authorizations. The setting can be found via the path "Root" --> "Galileo Group AG" --> "Conigma Suite" --> "Conigma CCM" --> "Common" --> "Security". The default rules in the standard delivery define that the assignment via object links is possible but not the automatic assignment via SAP authorizations. If one of the values is changed, click on the corresponding node "Enable User Group Assignment via Object Links" or "Enable User Group Assignment via SAP Authorization" and select the desired system-specific value in the "Values" tab page. ABAP_TRUE means that the mode is active and ABAP_FALSE means that the mode is not available.
After saving the changes it should be distributed to all systems managed by Conigma. To create the transport order, it is best to open the context menu by right clicking on the "Security" node and selecting the menu item "Transport subtree".