he roles provided contain authorizations.
The following predefined user roles are available:
- SAP_BC_BATCH_ADMIN
This role contains all authorizations for background processing administration, including the creation of background jobs and general administrations functions (SMxx transaction codes, in particular SM36, SM37, SM50, and SM51)
Note that the administrator role includes operating system access due to the fact that the administrator can define operating system commands. For more information, see Logical Operating System Commands in this Guide.
- SAP_BC_ENDUSER
This role contains non-critical basis authorizations for all users, including job creation and job release.
The table below shows the authorizations used in background processing:
Authorizations for Background Processing
Authorization Object | Fields | Value | Meaning |
S_BTCH_JOB | JOBACTION | DELE | Delete other users jobs |
|
| LIST | (not used) |
|
| PROT | Display job logs belonging to other users |
|
| RELE | Release own jobs automatically |
|
| SHOW | Display other users job definitions |
| JOBGROUP | * | Reserved, set to * |
S_BTCH_NAM | BTCUNAME | Authorized user when scheduling | |
S_BTCH_ADM | BTCADMIN | Y | User is batch administrator |
|
| N or empty | Restricted to jobs in current client |
In addition, note the following:
· A user with batch administrator privileges can do anything with jobs in all clients (authorization object S_BTCH_ADM, field “batch administrator” set to “Y”). Without this authorization, users can only work on jobs in the client in which they are logged on.
· All users can schedule, cancel, delete, and check the status of their own jobs with no additional special authorizations. However, additional authorizations are needed for:
¡ Releasing one’s own batch jobs (S_BTCH_JOB: Action=RELE)
¡ Showing logs of all jobs (S_BTCH_JOB: Action=PROT)
¡ Assigning ABAP programs to a job step (S_PROGRAM)
¡ Assigning a different user to a job step (S_BTCH_NAM).
A user without batch administrator privileges is restricted to working with class C (low priority) jobs and to his or her own jobs in the client that he or she is logged on to.
· Authorizations that allow a user to delete jobs or display information belonging to other users are:
¡ Deleting the jobs belonging to other users (S_BTCH_JOB: Action=DELE)
¡ Display job definitions and spool lists belonging to other users (S_BTCH_JOB: Action=SHOW)
· For the execution of external commands within jobs, the user needs an authorization for the object S_LOG_COM.
For more information, see SAP Notes 28162 and 101146.
No comments:
Post a Comment