Go Legacy Mapping Global Search SAP Business Suite SAP for Industries SAP Business One SAP NetWeaver Analytics SAP In-Memory Computing Application Lifecycle Mgmt SAP Best Practices Cloud Mobile Database Additional Information
SAP NetWeaver Platform 7.3 SAP Central Process Scheduling by Redwood SAP Central Process Scheduling by Redwood Architecture Getting Started - Using SAP CPS Administering the Scheduling Landscape Automating Processes Across the System Landscape Monitoring Your Datacenter Reference o Process Server Parameter Reference o Redwood Function Library o SAP RFC User Privileges o Default System Job Definitions o Default SAP Job Definitions Download Print Fullscreen SAP RFC USER PRIVILEGES
Each ABAP stack you want to interact with needs a privileged user. SAP recommends it to be a System user for normal batch processing and a Dialog user if this user also has to be used as the Step user. The following section describes the privileges required by the RFC user to interact with the ABAP stack of SAP Systems. To assign the following privileges, navigate to Tools Administration User Maintenance Role Administration Roles (transaction PFCG) and see the Assigning SAP Authorizations to the RFC User procedure for more information. Note Whenever an authorization problem occurs, you can log into the SAP system as the user and execute transaction SU53. You can use the output of this transaction to identify any missing authorizations. End of the note. SAP Authorizations for XBP and BW AAAB - Cross-application Authorization Objects S_RFC - Authorization check for RFC access Name Required Authorizations Activity * (or Execute) Name of RFC to be protected *, or all of BATG, FRFC, OCSB, RFC1, RFC1, SALX, SCCA, SDIFRUNTIME, SDTX, SG00, SRFC, SXBP, SXMI, SYST, and SYSU Type of RFC object to be protected FUGR (Function group) If you are using XBP transports, the following two RFC's need to be added: /SCJS/1XBP, /SCJS/2XBP If you are using ISU transports, the following two RFC's need to be added: /SCJS/1ISU and /SCJS/2ISU For BW, the list with names of RFCs to be protected has to be extended with following authorizations (unless the list contains just * (all RFCs)): Name Required Authorizations Name of RFC to be protected RSBC, RSAB, BATG, RSPC_API This is required to be able to use RFC, and is thus an absolute requirement. BC_A - Basis: Administration S_ADMI_FCD - System Authorizations Name Required Authorizations System administration functions SP01, SP0R, SPAD S_BTCH_ADM - Background Processing: Background Administrator Name Required Authorizations Background administrator ID * S_BTCH_JOB - Background Processing: Operations on Background Jobs Name Required Authorizations Job operations * Summary of jobs for a group * While it is possible to individually assign authorizations to delete background jobs, display spool requests, copy or repeat jobs, display the job processing log, release jobs and to display the job queue, all of them are required for proper function of the product. S_BTCH_NAM - Background Processing: Background User Name Name Required Authorizations Background User Name for Authorization * S_RZL_ADM - CCMS: System Administration Name Required Authorizations Activity 01 S_SPO_ACT - Spool: Actions Name Required Authorizations Authorization field for spool * Value for authorization check * S_SPO_DEV - Spool: Device authorizations Name Required Authorizations Long device names * S_TABU_DIS - Table maintenance (via standard tools such as SM30) Name Required Authorizations Activity 03 Authorization group * The S_TABU_DIS authorization is needed for importing BW InfoPackage groups. Addtionally, it is required for all SAP releases that have neither XBP (see the documentation shipped with SAP CPS for more information on this feature) 3.0 nor transports (as of M28) in order to be able to import SAP calendars. The following table illustrates the various combinations and the requirements:
M28 (without transports) or earlier with XBP 2.0 or earlier M28 (without transports) or earlier with XBP 3.0 M28 with transports Run InfoPackagestable RSMONRQTAB o o o Import InfoPackage Groupstable RSPAKPOS x x x Import SAP Calendarstables THOCS and TFACS x - - o - (optional) the official API will be used, which is slower and sometimes not reliable x - (mandatory) this functionality requires access to the table via RFC_READ_TABLE - - no direct table access is needed S_XMI_LOG - Internal access authorization for XMI log Name Required Authorizations Access method for XMI log * S_XMI_PROD - Auth. for external management interfaces (XMI) Name Required Authorizations XMI logging: company name REDWOOD (or *) Product * Interface ID * Note Please note that this has to be set to REDWOOD and not your company name. End of the note. This is the minimal set of authorizations required by SAP CPS. SAP Authorizations for BW Process Chains S_RS_ALL You need to assign the S_RS_ALL profile to the user, this is done as follows: If you want to schedule process chains and/or InfoPackages, then you must also assign the S_RS_ALL profile to the REDWOOD role. This can be done as follows: 1. Navigate to Tools Administration User Maintenance Role Administration Roles (transaction PFCG). 2. Create a new role REDWOOD, or edit the existing one if it already exists. 3. Select the Authorizations tab. 4. Choose Change Authorization Data. If the system shows a list of templates, choose Do not select templates. 5. You should now be in Change role: Authorizations. 6. Choose Edit Insert authorization(s) From profile and fill S_RS_ALL into the profile field, apply the change. Notice that the required authorizations have been added automatically. S_DEVELOP - ABAP Workbench When the synchronous flag is switched on, the following authorization is also required for process chains: Name Required Authorizations ACTVT 16 DEVCLASS * OBJNAME * OBJTYPE PROG P_GROUP * AAAB - Cross-application Authorization Objects SAP Authorizations required for XAL and XMW synchronization. S_RFC - Authorization check for RFC access'' Name Required Authorizations Name of RFC to be protected *, or all of FRFC, OCSB, SALX, SXMI, SYST, SDTX, RFC1, SDIFRUNTIME, SG00, SRFC, SYSU Type of RFC object to be protected FUGR SAP Authorizations for Industry Solutions (ISU) S_DEVELOP - ABAP Workbench Name Required Authorizations ACTVT 03 DEVCLASS EE20 OBJNAME * OBJTYPE * P_GROUP * SAP Authorizations for SAP Applications The role SAP_BC_REDWOOD_COMM_EXT_SDL is required. Please make sure, that the role has the following authorizations: S_RFC_ADM Name Required Authorizations Activity All activities Internet Communication Framework * Logical Destination CRONACLE*, REDWOOD Type of Entry in RFCDES All values Last update: 2013-02-25 Related Content The following content is not part of SAP product documentation. For more information, see the following disclaimer . SAP Community Network (SCN) ABAP Development Java Development Business Process Management and Composition Business Rules Management Process Integration (PI) & SOA Middelware B2B Integration SAP NetWeaver Portal User Interface Technology SAP NetWeaver Business Warehouse Web Dynpro ABAP Web Dynpro Java Composite Applications Security SAP NetWeaver Application Server SAP NetWeaver Administrator Enterprise Services Repository (ESR) Product Availability Product Availability Matrix (PAM) PAM Documentation Support Information Search for SAP Notes and SAP Knowledge Base Articles