Show TOC

Security Aspects for WorkflowLocate this document in the navigation structure

The Workflow integration into SAP Gateway provides several security mechanisms.

Role Templates

Workflow uses out-of-the-box function modules of SAP_WAPI (RFC functions). These function modules contain authorization checks for different user roles and are integrated in pre-defined role templates. Role templates exist for both administration users and for end users.

The following templates are available:

User Type

Template Name

Template for



SAP Gateway Workflow Administrator

End user


SAP Gateway Workflow User

End user


SAP Gateway End User

The template /IWBEP/RT_MGW_USR contains underlying SAP Gateway authorizations only and, as such, does not contain application authorization such as workflow.

For a list of all role templates, see User, Developer, and Administrator Authorizations. For more information about the role /IWWRK/RT_WF_GW_USR for SAP Gateway Workflow User including the authorization objects required for working with SAP Gateway, see Roles in the SAP Gateway Landscape and refer to the section Assignments of Authorization Objects.

Special Users

A special user role WF-BATCH is provided in the backend system (SAP Business Suite system). This user is a dedicated user for background processing. For example, if you create sales orders in the backend and a Workflow is triggered during this creation, WF-BATCH is responsible for triggering the Workflow (only for background processing).

File Attachment Handling

Workflow attachments are verified using the standard SAP virus scan interfaces. For more information on how to set up the interface, see the SAP NetWeaver documentation abut SAP Virus Scan Interface.