Authorizations
Use
In the ICF environment, you have the option of using various authorization objects to restrict access to individual ICF elements. There are three basic categories:
- Calling services
- Maintaining services
- Troubleshooting with the ICF recorder

- Authorization for using ICF or individual services
- Authorization for calling application function modules or BSP applications (with the relevant ICF handler) that you want to be executed by a service. (These authorizations are defined by the relevant application in the target system.)
Assigning ICF Authorizations
Take the following into account when you assign ICF authorizations to users in SAP systems:
- The ABAP authorization object required for using ICF is S_ICF.
- The authorization for creating and maintaining virtual hosts and services is granted using the authorization object S_ICF_ADM. Here you can define, for example, whether you want to allow access to individual services or aliases, or allow access to top-level service nodes.
- You can use the authorization object S_ICFREC to control access to the ICF recorder.
- You can use the authorization object S_ADMIN_FCD to restrict the use of administration functions in transaction SICF.
Granting Authorizations for Using Individual Services
- Use transaction SICF to maintain the security options under Service Data for each ICF service (or a service node or virtual host).
- To define the authorization of a user for accessing a specific service yourself, you can enter a check value in the SAP Authorization field under Service Data. Also read the F1 help for this field.