Standard Authorization Objects
This section provides an overview of the security-relevant authorization objects that are used by SAP Landscape Management for the default remote function call (RFC) destination.
|
Authorization Object |
Field |
Value |
Description |
|---|---|---|---|
| S_RFC | RFC_TYPE | FUGR | Execute function modules of group SYST in the target system. |
| RFC_NAME | SYST | ||
| ACTVT | 16 | ||
| S_RFC | RFC_TYPE | FUGR | Execute function modules of group THFB in the target system. |
| RFC_NAME | THFB | ||
| ACTVT | 16 | ||
| S_RFC | RFC_TYPE | FUGR | Execute function modules of group SXBP in the target system. |
| RFC_NAME | SXBP | ||
| ACTVT | 16 | ||
| S_RFC | RFC_TYPE | FUGR |
Execute function modules of group SXMI in the target system. |
| RFC_NAME | SXMI | ||
| ACTVT | 16 | ||
| S_RFC | RFC_TYPE | FUGR |
Execute function modules of group SM02 in the target system. |
| RFC_NAME | SM02 | ||
| ACTVT |
16 |
||
| S_RFC | RFC_TYPE | FUGR |
Execute function modules of group SMLG in the target system. |
| RFC_NAME | SMLG | ||
| ACTVT | 16 | ||
| S_RFC | RFC_TYPE | FUGR |
Execute function modules of group SLCH in the target system. |
| RFC_NAME | SLCH | ||
| ACTVT | 16 | ||
| S_XMI_PROD | EXTCOMPANY | SAP |
Execute external management interface XBP. |
| EXTPRODUCT | ACC | ||
| INTERFACE | XBP | ||
| S_BTCH_ADM | BTCADMIN | Y |
Do anything with jobs in all clients. |
| S_ADMI_FCD | S_ADMI_FCD | ST0R |
Evaluate traces. |
| S_ADMI_FCD | S_ADMI_FCD | SM02 |
Create, change, and delete system messages. |
The table below shows the security-relevant authorization objects that are used by SAP Landscape Management, to change RFC passwords during initial copy.
|
Authorization Object |
Field |
Value |
Description |
|---|---|---|---|
| S_RFC | RFC_TYPE | FUGR | Execute function modules of group SUSO in the target system. |
| RFC_NAME | SUSO | ||
| ACTVT | 16 | ||
| S_RFC | RFC_TYPE | FUNC | Change the password. |
| RFC_NAME | SUSR_USER_CHANGE_PASSWORD_RFC | ||
| ACTVT | 16 |
The table below shows the security-relevant ABAP post-copy automation roles that are used by SAP Landscape Management for the default RFC destination.
|
Role |
Permission |
Description |
|---|---|---|
| SAP_BC_STC_DISPLAY |
|
Role to display technical configuration task lists. This role allows users to display task lists and corresponding objects (task list runs and task list variants) used for technical configuration. |
| SAP_BC_STC_REMOTE |
To perform particular actions, further authorizations are necessary. See other SAP_BC_STC_* roles. |
Role for technical configuration remote access. This role contains the authorizations necessary to remotely access technical configuration task lists. |
