Security Aspects for Workflow
The Workflow integration into SAP Gateway provides several security mechanisms.
Role Templates
Workflow uses out-of-the-box function modules of SAP_WAPI (RFC functions). These function modules contain authorization checks for different user roles and are integrated in pre-defined role templates. Role templates exist for both administration users and for end users.
The following templates are available:
|
User Type |
Template Name |
Template for |
|
Administrator |
/IWWRK/RT_WF_ADM |
SAP Gateway Workflow Administrator |
|
End user |
/IWWRK/RT_WF_GW_USR |
SAP Gateway Workflow User |
|
End user |
/IWBEP/RT_MGW_USR |
SAP Gateway End User |
The template /IWBEP/RT_MGW_USR contains underlying SAP Gateway authorizations only and, as such, does not contain application authorization such as workflow.
For a list of all role templates, see User, Developer, and Administrator Authorizations. For more information about the role /IWWRK/RT_WF_GW_USR for SAP Gateway Workflow User including the authorization objects required for working with SAP Gateway, see Roles in the SAP Gateway Landscape and refer to the section Assignments of Authorization Objects.
Special Users
A special user role WF-BATCH is provided in the backend system (SAP Business Suite system). This user is a dedicated user for background processing. For example, if you create sales orders in the backend and a Workflow is triggered during this creation, WF-BATCH is responsible for triggering the Workflow (only for background processing).
File Attachment Handling
Workflow attachments are verified using the standard SAP virus scan interfaces. For more information on how to set up the interface, see the SAP NetWeaver documentation abut SAP Virus Scan Interface.