Skip to Content

Authorization Verifications

Many of the ChangeMan ZMF features are organized by specific roles, which are implemented via authorizations derived from the used security system. ChangeMan ZMF administrators will define the required authorizations (like security entity names for promotion or approval authorities), while in the security system specific userids will be granted access to these entity names. Using this approach, no userids need to be defined within ChangeMan ZMF, which is great. But at some point in time somebody will start asking questions about who did what in ChangeMan ZMF. That‟s where these reports were designed for.

Typical questions that fit in this category relate to finding out who has been using some (usually secured) ChangeMan ZMF function, such as: Which userids ever performed specific ChangeMan ZMF operations like a promote, an approve, a backout, etc and which security entity check did they pass for that? Some real world situations to illustrate the reasons for this question, which standard report USERSAPR (or USERSPRM) may answer, are:

  • Security officers want to perform a cleanup operation in the security system (how can they safely remove ChangeMan ZMF security entities which are no longer used?).
  • IT auditors just want to know who has been using which authority (and is it OK that they were authorized to perform a specific ChangeMan ZMF function?).

Reports in this category

  • APPRENTI - Active approval entities.
  • USERHIST - Component history for 1 user.
  • USERSAPR - Active CMN approver users.
  • USERSPRM - Active CMN promotion users.


book | by Dr. Radut