|
Multiple SAP Systems |
Technical Connection |
Consideration of Job Attributes |
|
SAP authorizations required for AE jobs depend on the particular installation and on the range of functions used in AE. What is shown below are authorization objects which are necessary for the CPIC user in order to provide maximum functionality.
For understanding the following table, knowledge of SAP authorization concepts is assumed.
| Authorization Object | Connection to AE | Field name | Values |
|---|---|---|---|
|
S_RFC |
When the Profile Parameter auth/rfc_authority_check is set, SAP checks if the RFC user is allowed to call the given function group. |
ACTVT RFC_NAME RFC_TYPE |
* |
|
S_BTCH_JOB |
AE creates SAP jobs dynamically and needs the authorization to plan, monitor and release jobs. In addition, AE creates jobs in order to process BDC sessions, thereby using the standard ABAP program RSBDCBTC. |
JOBACTION |
* |
|
S_BTCH_ADM |
In order to run existing SAP jobs, AE must change the respectiveJo bs. The AE and standard interfaces use the standard function module BP_JOB_MODIFY to run jobs. This requires batch-administrator authorization. This type of authorization is also required for retrieving the Spool List of a job in case the CPIC user is not the job creator. Attention: S_BTCH_ADM allows the client-independent selection of existing jobs. If the AE JCL statement R3_ACTIVATE_JOBS is processed with a CPIC user having this authorization, AE possibly starts jobs in several SAP clients, depending on the specified selection criteria (such as the same job name in 2 SAP clients) |
BTCADMIN |
Y |
|
S_BTCH_NAM |
In order to create and run jobs for any other SAP user, the CPIC user must be authorized to specify the user nameName of the Automation Engine user.. |
BTCUNAME |
* |
|
S_SPO_DEV |
In order to specify the printing parameter 'print immediately' within a job step, the CPIC user must be authorized to access the corresponding printing device. |
SPODEVICE |
* |
|
S_TMS_ACT |
In order to transfer the cover page of a Spool List back to AE, it is helpful to see the parameters of the variant which was used to run the ABAP. This information is part of the cover page. |
STMSACTION |
* |
|
S_XMI_PROD |
This object is used to log on to the Standard Interface. Before Calling functions of an External Interface, the External Application has to Log on to the Interface. |
EXTCOMPANY |
* |
|
S_XMI_LOG |
Not necessary for AE, but when using the standard interface, entries into the XMI log are created (Online Transaction Code RZ15). This authorization is required to view them or to clear the log. |
- |
- |
|
S_WFAR_OBJ |
AE allows the specification of Archive Parameters (object type, document type...). This includes that the printing list of an ABAP program can be transferred to an optical archive immediately. This only makes sense if an optical archive system is installed for the SAP system. |
ACTVT |
* |
|
S_WFAR_PRI |
In order to create printing lists within an optical archive, the CPIC user must have the corresponding authorization. |
ACTVT |
* |
|
S_PROGRAM |
AE needs this authorization object to schedule ABAP programs that are assigned to authorization groups (Authorization field P_ACTION = BTCSUBMIT) and to manage variants (Authorization field P_ACTION = VARIANT). |
P_ACTION |
BTCSUBMIT,VARIANT |
|
S_SPO_ACT |
In order to transfer Spool Lists not created from the CPIC user, the field SPOACTION has to allow the actions BASE and DISP for the corresponding users. |
SPOACTION |
BASE,DISP |
|
S_ADMI_FCD |
In order to transfer Spool Lists not created from the CPIC user, the field S_ADMI_FCD has to allow the actions at least the action SP0R. |
S_ADMI_FCD |
SP0R |
| S_RS_ISRCM | Only needed if the Business Warehouse Function BW_ACTIVATE_CHAIN is used. | RSAPPLNM RSOSOURCE RSISRCOBJ ACTVT | * * * * |
|
S_RS_ISOUR Administrator Workbench - InfoSource (Flexible Update) |
Only needed if the Business Warehouse Function BW_ACTIVATE_INFOPACKAGE is used and Flexible Update is used. |
ACTVT RSAPPLNM RSISOURCE RSISRCOBJ |
* |
|
S_RS_ISOUR Administrator Workbench - InfoSource (Direct Update) |
Only needed if the Business Warehouse Function BW_ACTIVATE_INFOPACKAGE is used and Direct Update is used. |
ACTVT RSAPPLNM RSISOURCE RSISRCOBJ |
* |
|
S_DEVELOP ABAP Workbench |
Only needed if the Business Warehouse Function BW_ACTIVATE_CHAIN is used. |
ACTVT DEVCLASS OBJNAME OBJTYPE P_GROUP |
* |
|
S_RS_ICUBE Administrator Workbench - InfoCube |
Only needed if the Business Warehouse Function BW_ACTIVATE_CHAIN is used. |
ACTVT RSICUBEOBJ RSINFOAREA RSINFOCUBE |
* |
|
S_RS_ADMWB Administrator Workbench - Objects |
Only needed if the Business Warehouse Functions are used. |
ACTVT RSADMWBOBJ |
* |
| S_RS_DS | Only needed if the Business Warehouse Functions are used. | ||
| S_RS_DTP | Only needed if the Business Warehouse Functions are used. | ||
| S_RS_ODSO | Only needed if the Business Warehouse Functions are used. | ||
| S_RS_PC | Only needed if the Business Warehouse Functions are used. | ||
|
S_RZL_ADM |
Releasing intercepted jobs (RemoteTaskManager, R3_activate_intercepted_jobs) |
ACTVT |
01 |
| S_TABU_DIS | For using SAP Forms | ACTVT DICBERCLS |
03 SPFL |
|
- |
No specific SAP authorizations are necessary for additional AE functions, as there is no security risk. |
|
|
*) Automic recommends creating your authorizations in accordance with your naming conventions.
For using minimum AE functionality, it is necessary to provide the RFC user with a user profile that contains the authorization object S_BTCH_JOB. It must contain the standard authorization S_BTCH_ALL or an authorization where the fields are filled in as follows:
Activities in jobs: DELE, PLAN, PROT, RELE, SHOW
Summarizing jobs for a group: *