Authorizations and security are covered more fully in the eCATT Security Guide, which can be found in SAPNet.

Access to the eCATT test system should be strictly controlled.

You need:

• Developer rights (S_DEVELOP with relevant activities) in the eCATT test system.
• RFC rights (S_RFC) in the eCATT test system.
• The relevant authorizations in the target systems.

You need:

• A profile containing S_DEVELOP authorization with activity 16 (Execute) and 03 (Display) in the eCATT test system.
• RFC rights (S_RFC) in the eCATT test system.
• A profile containing S_DEVELOP authorization with activity 16 (Execute) in the target systems.
• The relevant authorizations in the target systems.

The following are some of the security features:

• The administrator can switch GUI Scripting on or off for a particular application server.
• In addition to the server settings, GUI Scripting requires certain components to be installed on the front end. If GUI Scripting is enabled, the user can enable or disable scripting at the front end. Here, you have the option to be notified whenever a script attaches to the SAP GUI or a script opens a connection. eCATT itself never opens a new connection.
• eCATT GUI Scripting does not use Windows Scripting Host.
• The SAPGUI command never records logon screens.

When you record GUI actions in a target system, the security settings of the target system apply. When you replay a SAPGUI command, the security settings of the eCATT system apply.