Show TOC

Authorization ConceptLocate this document in the navigation structure


For the interaction with the Alert Management the following scenarios are possible:

  • Starting from an application scenario, you edit some alert categories. Editing implies the creation, display, modification, deletion, and the transport of categories. Additionally, you work with related recipient data, for example fixed recipients, recipients through user roles, and subscription authorizations.

  • Independent of the application, you configure the landscape of the alert management from a technical point of view. This includes the definition of the central alert server and protocol functionality.

  • You schedule and set the parameters of the administration reports.

  • Applications, users, or proxy users on a local alert system call the central alert server in order to receive the alerts of a certain user, to escalate, to confirm, or to forward an alert, and so on.

Predefined User Roles


Note that you do not need to give the end user any additional authorization.

The following predefined user roles are available for customizing and administration:

  • SAP_BC_ALM_CUST for customizing authorization.

  • SAP_BC_ALM_ADMIN for administration authorization. The administrator has the authorization for all activities. He or she can also read and confirm alerts for other users. In addition, the administrator can execute report RSALRTPROC to delete, escalate, and deliver alerts as well as to delete logs.

  • For the sending of alerts via external communication methods (e-mail, sms, fax) and for inbound processing, an RFC user has to be created on the central alert server with the role SAP_BC_ALM_ALERT_USER. The authorization objects contained in this role are S_OC_SEND and S_RFC.

Authorization Objects

In case you prefer to create your own user roles that are more appropriate for your application or landscape, SAP offers the following authorization objects:

S_ALM_CUST - Application Specific Customizing

The authorization object S_ALM_CUST is checked when you edit, display, or transport any alert category (transaction ALRTCATDEF). Since parts of these tasks can also be handled by table view (transaction SM30), the object is also checked there.

The following activities can be assigned:

  • Change, create, and delete alert definitions and associated data (technical key 02)

  • Display alert definitions and associated data (technical key 03)

  • Transport alert definitions and associated data (technical key 21)

S_ALM_CONF - Landscape Specific Configuration

The authorization object S_ALM_CONF is checked as soon as the landscape configuration is invoked. This configuration can be accessed

  • in transaction ALRTCATDEF by choosing Start of the navigation path Settings Next navigation step Configuration End of the navigation path.

  • using the table view maintenance options (transaction SM30) of table SALRTCONF

The following activities are available:

  • Change the setting (technical key 02)

  • Display the setting (technical key 03)

The same applies to the maintenance of the RFC destination to the central alert server on the local systems (via transaction SALRT1). The checks are only performed in local systems as of release SAP NetWeaver '04.

The same activities are offered:

  • Change, create, delete, or transport destination to central alert server (technical key 02)

  • Display the destination to central alert server (technical key 03)

In order to be able to start the administrative reports, the user needs the authorization to execute reports RSALERTDISP and RSALERTPROC (technical key 16).

S_ALM_ROLE - Runtime Modification of Alerts of Other Users

Whenever a user tries to manipulate or to display the alerts of another user, the corresponding activities of authorization object S_ALM_ROLE are checked.

The following activities are available:

  • Change the alerts for other users (technical key 02)

  • Display the alerts of other users (technical key 03)

    The API function modules only perform the checks.