Authorization Objects Used in eCATT Authorization

S_TCODE

Authorizations based on the object S_TCODE regulate the transactions that users are allowed to start.

Field

Description

TCD

Permitted transaction code or codes

Required values: SECATT, SECATT_LOG, STPFE

Optional: SECATT_UTIL

S_ECATT

The main authorization object S_ECATT has been introduced to enable access regulation for users working on SAP Test Automation.

The granularity of the object allows you to create authorizations that restrict access to a particular kind of eCATT object type, particular packages, and particular activities.

Field	Description
`DEVCLASS`	Package(s) whose objects the user may change
`OBJTYPE`	Object types that the user may change Required values: `ECAT – Test Script` `ECTC – Test Configuration` `ECTD – Test Data Container` `ECSD – System Data Container` `ECVO – Validation Object` `ECSP – Start Profile`
`OBJNAME`	Object names that the user may change
`ACTVT`	Permitted activities (create, change, ... ) `01 – Create` `02 – Display` `03 – Change/Modify` `06 – Delete` `16 – Execute / Run` `70 – Administration, Activities in the eCATT Log on Expert level`

S_DEVELOP

S_DEVELOP is the authorization object used to regulate access to all development objects in an SAP system.

Since eCATT objects belong to object types supported by the ABAP Development Workbench, S_DEVELOP can be used as an equal alternative to S_ECATT with same value range for the authority object fields.

In previous implementations of the eCATT tool, when the authorization object S_ECATT was not introduced yet, the use of S_DEVELOP was mandatory. Consequently, there might be existing setups with user roles using S_DEVELOP for SAP Test Automation. The eCATT tool will continue to support these.

S_ECATTADM

This object serves as an authorization check for additional administrative activities.

Field	Description
`ACTVT`	Activity, the following value is supported: `16 - Execute`
`OBJTYPE`	Type of the object to be run: `Prog` in case of authorization check for programs/reports `Func` in case of authorization check for function modules
`OBJNAME`	Name of the object to be run that checks the authorization object: report `RSECATT_MASS_CHANGE_VERSIONING` report `RSECATT_MASS_CHANGE_ATTRIB` report `RS_TESTPROXY_DEL_EXECUTIONS` function module `ECATT_LOG_ARCH_FLAG_SET` function module `ECATT_SET_LOG_RETENTION_TIME` function module `ECATT_SET_SCHEDULER_WAIT_TIME` function module `ECATT_SET_SCHEDULER_MAX_TIME` function module `ECATT_SET_SCHEDULER_JOB_TIME`

S_RFC

This is a system-side authorization object that is called upon when users try to execute functions in remote systems. It allows you to restrict the function modules that can be called to those in specified function groups. In use-cases of SAP Test Automation testing remote systems this authorization object is required.

Field	Description
`RFC_TYPE`	Type of RFC object that the user can work with. Can only take the value `FUGR` (function group)
`RFC_NAME`	Name of the function group or groups whose function modules the user may execute
`ACTVT`	Activity (only supports `16` (execute)

S_ADMI_FCD

This is a system administration authorization object. The system checks it when a user tries to create an RFC destination.

Field	Description
`S_ADMI_FCD`	The different system administration functions that the user may perform

S_RFCACL

This is a system administration authorization object. The system checks it when a user tries to log onto a target system using trusted RFC.

Field	Description
`RFC_SYSID`	The system ID of the originating system
`RFC_CLIENT`	The client of the originating system
`RFC_USER`	The user in the originating system
`RFC_EQUSER`	Flag: Must the user in the target system be the same as the user in the originating system?
`RFC_TCODE`	Transaction code of the application that executed the call
`RFC_INFO`
`ACTVT`	Activity (only supports `16` - Execute)