SAP authorizations required for AE jobs depend on the particular installation and on the range of functions used in AE. What is shown below are authorization objects which are necessary for the CPIC userIn the Automation Engine, a user is an instance of a User object, and generally the user is a specific person who works with Automic products. The User object is assigned a user ID and then a set of access rights to various parts of the Automation Engine system and product suite. These access rights come in the form of Automation Engine authorizations and privileges, Decision user roles and EventBase rights and ARA web application object rights. You can manage all these centrally in the ECC user management functions. See also, Unified user management. in order to provide maximum functionality.
For understanding the following table, knowledge of SAP authorization concepts is assumed.
Authorization Object | Connection to AE | Field name | Values |
---|---|---|---|
S_RFC |
When the Profile Parameter auth/rfc_authority_check is set, SAP checks if the RFC user is allowed to call the given functionPre-defined run book template in the Automation Engine. One single step only, e.g. Start Windows Service, Copy file,… groupAn Automation Engine object type that integrates tasks so that they can be processed together.. |
ACTVT RFC_NAME RFC_TYPE |
* |
S_BTCH_JOB |
AE creates SAP jobs dynamically and needs the authorization to plan, monitor and releaseReleases combine a set of activities and a set of packages as well as other release artifacts under a timeline (a plan including milestones and phases), which can be planned, baselined and tracked. jobs. In addition, AE creates jobs in order to process BDC sessions, thereby using the standard ABAP program RSBDCBTC. |
JOBACTION |
* |
S_BTCH_ADM |
In order to run existing SAP jobs, AE must change the respectiveJo bs. The AE and standard interfaces use the standard function module BP_JOB_MODIFY to run jobs. This requires batch-administrator authorization. This type of authorization is also required for retrieving the Spool List of a jobAn Automation Engine object type for a process that runs on a target system. in case the CPIC user is not the job creator. Attention: S_BTCH_ADM allows the clientA closed environment within an Automation Engine system where you can create and run objects. A client name consists of a 4-digit number that must be indicated when a user logs on to the Automation Engine system. Users and their rights are also defined in clients. A particular Automation Engine object type.-independent selection of existing jobs. If the AE JCL statement R3_ACTIVATE_JOBS is processed with a CPIC user having this authorization, AE possibly starts jobs in several SAP clients, depending on the specified selection criteria (such as the same job name in 2 SAP clients) |
BTCADMIN |
Y |
S_BTCH_NAM |
In order to create and run jobs for any other SAP user, the CPIC user must be authorized to specify the user nameName of the Automation Engine user.. |
BTCUNAME |
* |
S_SPO_DEV |
In order to specify the printing parameter 'print immediately' within a job step, the CPIC user must be authorized to access the corresponding printing device. |
SPODEVICE |
* |
S_TMS_ACT |
In order to transfer the cover page of a Spool List back to AE, it is helpful to see the parameters of the variant which was used to run the ABAP. This information is part of the cover page. |
STMSACTION |
* |
S_XMI_PROD |
This objectAutomation Engine controlled activities and processes are structured in the form of objects. See also: Task is used to log on to the Standard Interface. Before Calling functions of an External Interface, the External Application has to Log on to the Interface. |
EXTCOMPANY |
* |
S_XMI_LOG |
Not necessary for AE, but when using the standard interface, entries into the XMI log are created (Online Transaction Code RZ15). This authorization is required to view them or to clear the log. |
- |
- |
S_WFAR_OBJ |
AE allows the specification of Archive Parameters (object type, document type...). This includes that the printing listShows entities in a grid view of an ABAP program can be transferred to an optical archive immediately. This only makes sense if an optical archive system is installed for the SAP system. |
ACTVT |
* |
S_WFAR_PRI |
In order to create printing lists within an optical archive, the CPIC user must have the corresponding authorization. |
ACTVT |
* |
S_PROGRAM |
AE needs this authorization object to schedule ABAP programs that are assigned to authorization groups (Authorization field P_ACTION = BTCSUBMIT) and to manage variants (Authorization field P_ACTION = VARIANT). |
P_ACTION |
BTCSUBMIT,VARIANT |
S_SPO_ACT |
In order to transfer Spool Lists not created from the CPIC user, the field SPOACTION has to allow the actions BASE and DISP for the corresponding users. |
SPOACTION |
BASE,DISP |
S_ADMI_FCD |
In order to transfer Spool Lists not created from the CPIC user, the field S_ADMI_FCD has to allow the actions at least the actionActions are predefined building blocks for recurring activities. They are commonly used for managing third party systems or in deployment scenarios. SP0R. |
S_ADMI_FCD |
SP0R |
S_RS_ISRCM | Only needed if the Business Warehouse Function BW_ACTIVATE_CHAIN is used. | RSAPPLNM RSOSOURCE RSISRCOBJ ACTVT | * * * * |
S_RS_ISOUR Administrator Workbench - InfoSource (Flexible Update) |
Only needed if the Business Warehouse Function BW_ACTIVATE_INFOPACKAGE is used and Flexible Update is used. |
ACTVT RSAPPLNM RSISOURCE RSISRCOBJ |
* |
S_RS_ISOUR Administrator Workbench - InfoSource (Direct Update) |
Only needed if the Business Warehouse Function BW_ACTIVATE_INFOPACKAGE is used and Direct Update is used. |
ACTVT RSAPPLNM RSISOURCE RSISRCOBJ |
* |
S_DEVELOP ABAP Workbench |
Only needed if the Business Warehouse Function BW_ACTIVATE_CHAIN is used. |
ACTVT DEVCLASS OBJNAME OBJTYPE P_GROUP |
* |
S_RS_ICUBE Administrator Workbench - InfoCube |
Only needed if the Business Warehouse Function BW_ACTIVATE_CHAIN is used. |
ACTVT RSICUBEOBJ RSINFOAREA RSINFOCUBE |
* |
S_RS_ADMWB Administrator Workbench - Objects |
Only needed if the Business Warehouse Functions are used. |
ACTVT RSADMWBOBJ |
* |
S_RS_DS | Only needed if the Business Warehouse Functions are used. | ||
S_RS_DTP | Only needed if the Business Warehouse Functions are used. | ||
S_RS_ODSO | Only needed if the Business Warehouse Functions are used. | ||
S_RS_PC | Only needed if the Business Warehouse Functions are used. | ||
S_RZL_ADM |
Releasing intercepted jobs (RemoteTaskManagerIt monitors and controls external Jobs that were not started by the Automation Engine (AE). An AE object type. [Formerly called "QueueManager."], R3_activate_intercepted_jobs) |
ACTVT |
01 |
S_TABU_DIS | For using SAP Forms | ACTVT DICBERCLS |
03 SPFL |
- |
No specific SAP authorizations are necessary for additional AE functions, as there is no security risk. |
|
|
*) Automic recommends creating your authorizations in accordance with your naming conventions.
For using minimum AE functionality, it is necessary to provide the RFC user with a user profile that contains the authorization object S_BTCH_JOB. It must contain the standard authorization S_BTCH_ALL or an authorization where the fields are filled in as follows:
Activities in jobs: DELE, PLAN, PROT, RELE, SHOW
Summarizing jobs for a group: *
Automic Documentation - Tutorials - Automic Blog - Resources - Training & Services - Automic YouTube Channel - Download Center - Support |
Copyright © 2016 Automic Software GmbH |