
Assigning Authorization to Transaction and Search Help

Screen Scraping provides security features to ensure that data is not compromised, including the following requirements:

  • Both end users and developers are required to have user accounts in the SAP backend system and in SAP Gateway in order to have access to Screen Scraping services.

  • Developers are required to have authorizations to run the transactions they want to record using Screen Scraping in the SAP backend system in order to create SAP Gateway services from Data Models (based on the recorded transactions).

  • End users must have authorizations to run the specific transaction in the SAP backend system, otherwise they cannot use the SAP Gateway service based on the recorded transaction.

  • Both end users and developers are required to have authorizations in the SAP backend system to run SCR_RFCs (authorization object S_RFC).

You, as the SAP backend system administrator, can use the Screen Scraping authorizations for transactions and search help to determine users' access to these objects remotely.

You should configure Screen Scraping to determine access to transactions and search help in each SAP backend system.

Use the following authorizations, which are included in the Screen Scraping role templates, to control users' access at design time and at runtime:

  • /IWSCS/RT_SCR_DEV: This is the role template for developers who use Screen Scraping. It includes the following authorization objects:

    • S_RFC

      Authorization object for Remote Function Calls (RFC) at design time.

    • /IWSCS/TR

      Authorization object for determining access to transactions in the SAP backend system.

      The default is the wildcard character *, which allows anyone assigned to the Screen Scraping developer role to use and publish all transactions in the SAP backend system.

    • /IWSCS/SH

      The authorization object for determining access to search help in the SAP backend system.

      The default is the wildcard character *, which allows anyone assigned to the Screen Scraping developer role to use and publish all search help in the SAP backend system.

  • /IWSCS/RT_SCR_USR: This is the role template for end users in Screen Scraping. It includes the following authorization objects:

    • S_RFC

      Authorization object for Remote Function Calls (RFC) at runtime.

      By default, it contains a list of function groups used at runtime. These groups should not be changed. You must determine users' access to the objects.

    • /IWSCS/TR

      Authorization object for determining access to transactions in the SAP backend system.

      By default, it is empty, so no one can access any transaction. You must determine which users can use and publish transactions in the SAP backend system.

    • /IWSCS/SH

      The authorization object for determining access to search help in the SAP backend system.

      By default, it is empty, so no one can access any search help. You must determine which users can use which search help in the SAP backend system.

    For more information about configuring roles based on the Screen Scraping role templates, see User, Developer, and Administrator Authorizations.

Requirements

  • You have an administrator user in the SAP backend system in which you have installed the Screen Scraping Add-On.

  • You have configured roles for Screen Scraping users based on the role templates for Screen Scraping.

To determine access to transactions and search help in the SAP backend system:

  1. Log into your SAP system and enter the transaction PFCG.

  2. Choose the Screen Scraping developer or user role that you have created, and choose Change.

  3. In the Edit Template screen, select the Role tab and expand the tree under Screen Scraping to display the authorization objects for search help and transactions.

  4. Expand the authorization object you want to configure (Search Help or Transactions), click the display icon, and press F4 in the Field Values window to select the entities to which you want to allow access.

    To enable access to all entities, use the character *.

    For example, expand the object /IWSCS/SH.
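
One way to review the outcome of this configuration outside PFCG, as an added example that is not part of the SAP documentation: the script reads role authorization values exported as CSV and reports roles whose /IWSCS/TR or /IWSCS/SH values still contain the wildcard * (the developer template default described above), a pattern, or a range. The CSV layout (column names taken from table AGR_1251), the role names and the field name FIELD_X are assumptions made for the example.

```python
import csv
import io

# Authorization objects this page says default to "*" in the developer template.
SCRAPING_OBJECTS = {"/IWSCS/TR", "/IWSCS/SH"}

# Constructed sample export (assumed CSV layout using AGR_1251 column names).
# Role names and the field name FIELD_X are placeholders, not SAP values.
SAMPLE_EXPORT = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
Z_SCR_DEV,/IWSCS/TR,FIELD_X,*,
Z_SCR_DEV,/IWSCS/SH,FIELD_X,*,
Z_SCR_USR_SALES,/IWSCS/TR,FIELD_X,VA03,
Z_SCR_USR_SALES,/IWSCS/TR,FIELD_X,VA*,
Z_SCR_USR_SALES,/IWSCS/SH,FIELD_X,,
Z_SCR_USR_SALES,S_RFC,RFC_NAME,*,
"""


def classify(low, high):
    """Return 'full', 'partial', 'range' or None for one LOW/HIGH value pair."""
    low, high = low.strip(), high.strip()
    if low == "*":
        return "full"        # every transaction or every search help
    if "*" in low or "*" in high:
        return "partial"     # pattern such as VA*
    if high:
        return "range"       # LOW..HIGH interval, review how broad it is
    return None              # single value, or empty (no access granted)


def audit(csv_text):
    """List (role, object, severity, value) for over-broad Screen Scraping values."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["OBJECT"] not in SCRAPING_OBJECTS:
            continue         # S_RFC and other objects are out of scope here
        low, high = row["LOW"] or "", row["HIGH"] or ""
        severity = classify(low, high)
        if severity:
            value = low + (".." + high if high else "")
            findings.append((row["AGR_NAME"], row["OBJECT"], severity, value))
    return findings


if __name__ == "__main__":
    for role, obj, severity, value in audit(SAMPLE_EXPORT):
        print(f"{role}: {obj} {severity} -> {value!r}")
```
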