Privileges Required to use SAP Systems 
To use SAP systems, you need either:
scheduler-administrator role
system, partition or isolation goup-level permissions
object-specific privileges
Creating SAP Systems
You need one of the following privilege ranks to be able to create SAP systems:
Create - allows you to create SAP systems on the level the privilege was granted (system, partition, isolation-group), you have no further privileges through this rank, you automatically get privileges on SAP systems you create.
Edit - allows you to create, view, and edit all SAP systems on the level the privilege was granted (system, partition, isolation-group)
Delete - allows you to create, view, and delete all SAP systems on the level the privilege was granted (system, partition, isolation-group)
All - full control over all SAP systems on the level the privilege was granted (system, partition, isolation-group)
Editing SAP Systems
To successfully edit a SAP system, you have to have one the following privileges:
Edit - privilege rank on the SAP system, or on SAP systems in its partition, isolation group or system-wide
Delete - privilege rank on the SAP system, or on SAP systems in its partition, isolation group or system-wide
All - privilege rank on the SAP system, or on SAP systems in its partition, isolation group or system-wide
SAP systems can reference the following objects, you need at least View privileges on these objects when you want to edit a SAP system that references them:
Application
Events
Using the SAP CPS RFC Server
A special rank allows you to use the RFC server for Closing Cockpit, Solution Manager integration and use of other SAP technologies.
Business Automation API - allows you to interact with SAP CPS from within an ABAP stack of an SAP instance.