Authorization

Search within this release
Search within this

Go
Legacy Mapping Global Search
SAP Business Suite
SAP for Industries
SAP Business One
SAP NetWeaver
Analytics
SAP In-Memory Computing
Application Lifecycle Mgmt
SAP Best Practices
Cloud
Mobile
Database
Additional Information

SAP NetWeaver
Platform
7.3
SAP Central Process Scheduling by Redwood
SAP Central Process Scheduling by Redwood
Architecture
Getting Started - Using SAP CPS
Administering the Scheduling Landscape
Automating Processes Across the System Landscape
Monitoring Your Datacenter
Reference
o Process Server Parameter Reference
o Redwood Function Library
o SAP RFC User Privileges
o Default System Job Definitions
o Default SAP Job Definitions
Download
Print
Fullscreen
SAP RFC USER PRIVILEGES

Each ABAP stack you want to interact with needs a privileged user. SAP recommends it to be a System user for normal batch
processing and a Dialog user if this user also has to be used as the Step user.
The following section describes the privileges required by the RFC user to interact with the ABAP stack of SAP Systems. To assign
the following privileges, navigate to Tools Administration User Maintenance Role Administration Roles (transaction
PFCG) and see the Assigning SAP Authorizations to the RFC User procedure for more information.
Note
Whenever an authorization problem occurs, you can log into the SAP system as the user and execute transaction SU53. You can
use the output of this transaction to identify any missing authorizations.
End of the note.
SAP Authorizations for XBP and BW
AAAB - Cross-application Authorization Objects
S_RFC - Authorization check for RFC access
Name Required Authorizations
Activity * (or Execute)
Name of RFC to be
protected
*, or all of BATG, FRFC, OCSB, RFC1, RFC1, SALX, SCCA, SDIFRUNTIME, SDTX, SG00, SRFC,
SXBP, SXMI, SYST, and SYSU
Type of RFC object to be
protected
FUGR (Function group)
If you are using XBP transports, the following two RFC's need to be added:
/SCJS/1XBP, /SCJS/2XBP
If you are using ISU transports, the following two RFC's need to be added:
/SCJS/1ISU and /SCJS/2ISU
For BW, the list with names of RFCs to be protected has to be extended with following authorizations (unless the list contains just *
(all RFCs)):
Name of RFC to be protected RSBC, RSAB, BATG, RSPC_API
This is required to be able to use RFC, and is thus an absolute requirement.
BC_A - Basis: Administration
S_ADMI_FCD - System Authorizations
System administration functions SP01, SP0R, SPAD
S_BTCH_ADM - Background Processing: Background Administrator
Background administrator ID *
S_BTCH_JOB - Background Processing: Operations on Background Jobs
Job operations *
Summary of jobs for a group *
While it is possible to individually assign authorizations to delete background jobs, display spool requests, copy or repeat jobs,
display the job processing log, release jobs and to display the job queue, all of them are required for proper function of the product.
S_BTCH_NAM - Background Processing: Background User Name
Background User Name for Authorization *
S_RZL_ADM - CCMS: System Administration
Activity 01
S_SPO_ACT - Spool: Actions
Authorization field for spool *
Value for authorization check *
S_SPO_DEV - Spool: Device authorizations
Long device names *
S_TABU_DIS - Table maintenance (via standard tools such as SM30)
Activity 03
Authorization group *
The S_TABU_DIS authorization is needed for importing BW InfoPackage groups. Addtionally, it is required for all SAP releases that
have neither XBP (see the documentation shipped with SAP CPS for more information on this feature) 3.0 nor transports (as of
M28) in order to be able to import SAP calendars.
The following table illustrates the various combinations and the requirements:

M28 (without transports) or earlier with
XBP 2.0 or earlier
M28 (without transports) or earlier
with XBP 3.0
M28 with
transports
Run InfoPackagestable
RSMONRQTAB
o o o
Import InfoPackage Groupstable
RSPAKPOS
x x x
Import SAP Calendarstables THOCS
and TFACS
x - -
o - (optional) the official API will be used, which is slower and sometimes not reliable
x - (mandatory) this functionality requires access to the table via RFC_READ_TABLE
- - no direct table access is needed
S_XMI_LOG - Internal access authorization for XMI log
Access method for XMI log *
S_XMI_PROD - Auth. for external management interfaces (XMI)
XMI logging: company name REDWOOD (or *)
Product *
Interface ID *
Note
Please note that this has to be set to REDWOOD and not your company name.
End of the note.
This is the minimal set of authorizations required by SAP CPS.
SAP Authorizations for BW Process Chains
S_RS_ALL
You need to assign the S_RS_ALL profile to the user, this is done as follows:
If you want to schedule process chains and/or InfoPackages, then you must also assign the S_RS_ALL profile to the REDWOOD
role. This can be done as follows:
1. Navigate to Tools Administration User Maintenance Role Administration Roles (transaction PFCG).
2. Create a new role REDWOOD, or edit the existing one if it already exists.
3. Select the Authorizations tab.
4. Choose Change Authorization Data. If the system shows a list of templates, choose Do not select templates.
5. You should now be in Change role: Authorizations.
6. Choose Edit Insert authorization(s) From profile and fill S_RS_ALL into the profile field, apply the change.
Notice that the required authorizations have been added automatically.
S_DEVELOP - ABAP Workbench
When the synchronous flag is switched on, the following authorization is also required for process chains:
ACTVT 16
DEVCLASS *
OBJNAME *
OBJTYPE PROG
P_GROUP *
AAAB - Cross-application Authorization Objects
SAP Authorizations required for XAL and XMW synchronization.
S_RFC - Authorization check for RFC access''
Name of RFC to be protected *, or all of FRFC, OCSB, SALX, SXMI, SYST, SDTX, RFC1, SDIFRUNTIME, SG00, SRFC,
SYSU
Type of RFC object to be
protected
FUGR
SAP Authorizations for Industry Solutions (ISU)
S_DEVELOP - ABAP Workbench
ACTVT 03
DEVCLASS EE20
OBJNAME *
OBJTYPE *
P_GROUP *
SAP Authorizations for SAP Applications
The role SAP_BC_REDWOOD_COMM_EXT_SDL is required.
Please make sure, that the role has the following authorizations:
S_RFC_ADM
Activity All activities
Internet Communication Framework *
Logical Destination CRONACLE*, REDWOOD
Type of Entry in RFCDES All values
Last update: 2013-02-25
Related Content
The following content is not part of SAP product documentation. For more information, see the following disclaimer .
SAP Community Network (SCN)
ABAP Development
Java Development
Business Process Management and Composition
Business Rules Management
Process Integration (PI) & SOA Middelware
B2B Integration
SAP NetWeaver Portal
User Interface Technology
SAP NetWeaver Business Warehouse
Web Dynpro ABAP
Web Dynpro Java
Composite Applications
Security
SAP NetWeaver Application Server
SAP NetWeaver Administrator
Enterprise Services Repository (ESR)
Product Availability
Product Availability Matrix (PAM)
PAM Documentation
Support Information
Search for SAP Notes and SAP Knowledge Base Articles

Authorization

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Authorization

Uploaded by

Copyright:

Available Formats

Search within this release

Search within this

You might also like