Access Control Lists (ACL)

There are two types of access control lists that you need to maintain, a user ACL and a system ACL.

User Access Control List

The following activities apply to the user ACL:

• Maintain user ACLs

  Use this activity to maintain the SNC information for each individual user (transaction SU01). See User Maintenance on AS ABAP.

• Generate access control list of user

  Use this activity to automatically generate SNC names for users by using a uniform schema that consists of a fixed prefix, the SAP system user ID, and a company-defined suffix. For more information, see the section titled Use report RSUSR300 to create SNC names in External Security Products.

• Maintain access control list of user

  As an alternative to maintaining the individual users with the transaction SU01, you can use this activity to directly enter users' SNC names in the USRACL table (transaction SM30, view USRACL). See User Maintenance on AS ABAP.

• Maintain extended access control list of user

  Use this activity to assign SNC names to system users (transaction SM30, view USRACLEXT). See Maintaining SNC Information for Non-Dialog Users.

• Assign authorization to RFC user

  The following authorization objects are especially important when RFC is used between components in SAP systems:

  • S_RFC      Authorization check at RFC access
  • S_RFCACL      Authorization check for RFC user

  Use the Authorization Info System(transaction SUIM) to make sure that these objects are properly assigned. (Both objects belong to the class Cross-application Authority Objects.)

System Access Control List

With the activity Maintain access control list for SAP Systems, you define a system ACL that allows access to the system from other SAP systems according to their SNC names (transaction SNC0 or transaction SM30, view VSNCSYSACL). See RFC: SAP System → SAP System for details.