General Authorizations

Setting Up SAP Authorizations › General Authorizations

General Authorizations

You need general authorizations for all job types. Before you assign values to the authorization objects, you must display technical names. To do this from the Authorizations screen, select Utilities, Technical Names.

Scheduling Manager Function	Authorization Object	Values
Submitting and monitoring jobs and batch inputs for the RFC user	S_BTCH_JOB Batch Processing: operations on batch jobs	JOBACTION DELE—Delete background jobs LIST—Display spool requests created by jobs PLAN—Copy or repeat jobs PROT—Display job processing logs RELE—Release jobs (automatic release after scheduling possible) SHOW—Display job queue JOBGROUP Names of permitted job groups
Specifying an SAP user	S_BTCH_NAM Batch Processing: input of a batch user name	BTCUNAME Background username authorized to define background jobs
Reading job logs including Coverpage = YES	S_TMS_ACT TemSe: Actions on Objects	STMSACTION CRE—Create TemSe object REA—Read TemSe object DEL—Delete TemSe object APP—Append TemSe object MOD—Modify TemSe object. STMSOBJECT The value "LT*" authorizes a user to use all TemSe Objects beginning with "LT". STMSOWNER OWN—Own TemSe objects GRP—External TemSe objects in own clients OCL—TemSe objects in external clients
Print Immediately = YES	S_SPO_DEV Spooler: Device Authorization	SPODEVICE The value "LP*" authorizes a user to use all printers beginning with "LP" in spool administration.
XBP Register on XMI interface (necessary for CPIC user)	S_XMI_PROD Authorization for External Management Interface (XMI)	EXTCOMPANY Name of authorized company EXTPRODUCT Company's tool INTERFACE ID of XMI interface (use XBP)
Archive Parameter	S_WFAR_PRI ArchiveLink Authorizations for accessing Print Lists	OAARCHIV You use this field to check access authorization for particular content servers. The content servers must be maintained. OAOBJEKTE Access authorization can be differentiated by maintained object types. The object types allow application-oriented access to documents. You can use all maintained object types. OADOKUMENT You use this authorization field to check access to document types. All global document types are permitted. ACTVT You use this authorization field to define particular access modes to stored documents. The following activities are provided: 01: Generate—Allows print lists to be stored. 02: Change—Allows stored print lists to be changed. 03: Display—Allows stored print lists to be displayed. 04: Print—Allows stored print lists to be printed. 06: Delete—Allows stored print lists to be deleted. 70: Administration—Allows stored print lists to be managed. PROGRAM Name of report
Archive Parameter	S_WFAR_OBJ ArchiveLink Authorizations for accessing Documents	OAARCHIV Use this field to check the access authorizations for certain content servers. These content servers must be maintained. OAOBJEKTE The access authorization can be distinguished according to the maintained object types. Using the object types, you can control the application-related access to documents. You can use all maintained object types. OADOKUMENT Use this field to check the access to document types. All global document types are allowed. ACTVT Use this field to define certain access modes for stored documents. The following activities are provided: 01: Generate—Allows documents to be stored. 02: Change—Allows stored documents to be changed. 03: Display—Allows stored documents to be displayed. 04: Print—Allows stored documents to be printed. 06: Delete—Allows stored documents to be deleted. 70 : Administration—Allows stored documents to be managed. Example Field Values OAARCHIV A1 OAOBJEKTE BKPF OADOKUMENT * ACTVT 01,03,04
The S_RFC authorization is required for all RFC communication.	Name and type of RFC to be protected	ACTVT 16 Execute RFC_NAME This field currently contains the name of the function group. The check only applies to the first 18 characters RFC_TYPE FUGR

Scheduling Manager Function

Authorization Object

Values

Submitting and monitoring jobs and batch inputs for the RFC user

S_BTCH_JOB

Batch Processing: operations on batch jobs

JOBACTION

DELE—Delete background jobs
LIST—Display spool requests created by jobs
PLAN—Copy or repeat jobs
PROT—Display job processing logs
RELE—Release jobs (automatic release after scheduling possible)
SHOW—Display job queue

JOBGROUP

Names of permitted job groups

Specifying an SAP user

S_BTCH_NAM

Batch Processing: input of a batch user name

BTCUNAME

Background username authorized to define background jobs

Reading job logs including Coverpage = YES

S_TMS_ACT

TemSe: Actions on Objects

STMSACTION

CRE—Create TemSe object
REA—Read TemSe object
DEL—Delete TemSe object
APP—Append TemSe object
MOD—Modify TemSe object.

STMSOBJECT

The value "LT*" authorizes a user to use all TemSe Objects beginning with "LT".

STMSOWNER

OWN—Own TemSe objects
GRP—External TemSe objects in own clients
OCL—TemSe objects in external clients

Print Immediately = YES

S_SPO_DEV

Spooler: Device Authorization

SPODEVICE

The value "LP*" authorizes a user to use all printers beginning with "LP" in spool administration.

XBP

S_XMI_PROD

Authorization for External Management Interface (XMI)

EXTCOMPANY

Name of authorized company

EXTPRODUCT

Company's tool

INTERFACE

ID of XMI interface (use XBP)

Archive Parameter

S_WFAR_PRI

ArchiveLink Authorizations for accessing Print Lists

OAARCHIV

You use this field to check access authorization for particular content servers. The content servers must be maintained.

OAOBJEKTE

Access authorization can be differentiated by maintained object types. The object types allow application-oriented access to documents. You can use all maintained object types.

OADOKUMENT

You use this authorization field to check access to document types. All global document types are permitted.

ACTVT

You use this authorization field to define particular access modes to stored documents.
The following activities are provided:

01: Generate—Allows print lists to be stored.
02: Change—Allows stored print lists to be changed.
03: Display—Allows stored print lists to be displayed.
04: Print—Allows stored print lists to be printed.
06: Delete—Allows stored print lists to be deleted.
70: Administration—Allows stored print lists to be managed.

PROGRAM

Name of report

Archive Parameter

S_WFAR_OBJ

ArchiveLink Authorizations for accessing Documents

OAARCHIV

Use this field to check the access authorizations for certain content servers. These content servers must be maintained.

OAOBJEKTE

The access authorization can be distinguished according to the maintained object types. Using the object types, you can control the application-related access to documents. You can use all maintained object types.

OADOKUMENT

Use this field to check the access to document types. All global document types are allowed.

ACTVT

Use this field to define certain access modes for stored documents. The following activities are provided:

01: Generate—Allows documents to be stored.
02: Change—Allows stored documents to be changed.
03: Display—Allows stored documents to be displayed.
04: Print—Allows stored documents to be printed.
06: Delete—Allows stored documents to be deleted.
70 : Administration—Allows stored documents to be managed.

Example

Field Values

OAARCHIV A1
OAOBJEKTE BKPF
OADOKUMENT *
ACTVT 01,03,04

The S_RFC authorization is required for all RFC communication.

Name and type of RFC to be protected

ACTVT

16 Execute

RFC_NAME

This field currently contains the name of the function group. The check only applies to the first 18 characters

RFC_TYPE

FUGR

Email CA about this topic