Show TOC Start of Content Area

Background documentation Authorization Objects Used in eCATT Authorization  Locate the document in its SAP Library structure

Authorizations for the following authorization objects are required to enable users to work with eCATT:

S_TCODE

Authorizations based on the object S_TCODE regulate the transactions that users are allowed to start. Hence it is possible to restrict a user’s authorization to the extent that he or she can start no transactions in the system other than SECATT. This authorization is always checked by the SAP kernel.

Field

Description

TCD

Permitted transaction code or codes

S_DEVELOP

S_DEVELOP is the authorization object used to regulate access to all development objects in an SAP system. While this potentially gives a user extremely wide-ranging rights, the granularity of the object allows you to create authorizations that restrict access to a particular kind of object (for example, you can stipulate that a user may only work with eCATT objects), particular packages, and particular activities (for example, execute, but not create, change, or delete).

Field

Description

DEVCLASS

Package(s) whose objects the user may change

OBJTYPE

Object types that the user may change

OBJNAME

Object names that the user may change

P_GROUP

Program group (applies only to programs)

ACTVT

Permitted activities (create, change, … )

S_RFC

This is a system-side authorization object that is called upon when users try to execute functions in remote systems. It allows you to restrict the function modules that can be called to those in specified function groups.

Field

Description

RFC_TYPE

Type of RFC object that the user can work with. Can only take the value ‘FUGR’ (function group)

RFC_NAME

Name of the function group or groups whose function modules the user may execute

ACTVT

Activity. Can only take the value ‘16’ (execute)

S_ADMI_FCD

This is a system administration authorization object. The system checks it when a user tries to create an RFC destination.

Field

Description

S_ADMI_FCD

The different system administration functions that the user may perform

S_RFCACL

This is a system administration authorization object. The system checks it when a user tries to log onto a target system using trusted RFC.

Field

Description

RFC_SYSID

The system ID of the originating system

RFC_CLIENT

The client of the originating system

RFC_USER

The user in the originating system

RFC_EQUSER

Flag: Must the user in the target system be the same as the user in the originating system?

RFC_TCODE

Transaction code of the application that executed the call

RFC_INFO

 

ACTVT

Activity (only supports 16 – Execute)

 

End of Content Area