Protecting the Batch Input Sessions

To protect the batch input session from misuse, note the following:

• ·        Protect the sequential file used for batch input from unauthorized access.
• ·        Because the dialog mode allows for changing the input fields, we recommend processing the batch input sessions as background tasks unless absolutely necessary.
• ·        Define the batch input users as system users with only the authorizations necessary to process their corresponding sessions.
  Note

  This option applies only for sessions that are processed as background tasks. Otherwise, the user logged on needs the authorizations necessary to process the session.

• ·        Be restrictive with batch input authorizations.

  Batch input processing is initiated using transaction SM35 and the corresponding authorization object checked is S_BDC_MONI. This object allows you to specify which session processing a user is allowed to start (based on the session name). Therefore, depending on your organization, we recommend either of the following:

  • ¡        Assign the batch input administration authorizations centrally. The advantage with this scenario is that the batch input administrators can have the authorizations to start all sessions and do not need to have the authorizations to process the applications. In addition, no other users need to have batch input administration authorizations.
  • ¡        Define a naming policy for the batch input sessions so that users cannot process sessions belonging to other users. Assign the authorizations accordingly.