The system authorizations specify which functions a spool administrator can run in which client.
Use
The system checks an administrators authorizations if an administrator wants to perform the following actions:
· Manage the spool requests of another user
· Set up and manage devices
· Administer TemSe
Structure
System administrators require one or more values for the authorization object S_ADMI_FCD to be able to administer the spool system in certain clients:
The authorization values can be divided into the following groups:
· Administrating spool requests in the spool administration
The authorization to administrate spool requests is controlled using the values SP01 and SPOR.
SP01:
An additional authorization for object S_SPO_ACT is required for accessing spool requests of other users in the current client (client of the request = client of the administrator).
The owner automatically has the authorization S_SPO_ACT BASE to access spool requests in other clients (client of the request ¹ client of the administrator), to list spool requests and their attributes.
If the administrator has the authorizations SPAD and SPAM for the authorization object S_ADMI_FCD, he or she has unrestricted access to spool requests for other clients.
SPOR: An additional authorization is required for object S_SPO_ACT to access spool requests of other users.
· Spool Administration
The authorization for spool administration is controlled using the two groups of authorization values SPAD and SPAR.
SPAD: Authorization for cross-client spool administration
SPAR: Authorization for client-specific spool administration
· Functional Authorizations
Without a functional authorization, the owner of SPAD cannot perform any spool administration functions.
The values SPAA, SPAB, SPAC, and SPAM are functional authorizations.
· TemSe Administration
The TemSe data store is a store for spool request data, background processing job logs, and other data that must usually only be retained in the system for limited periods of time.
SPTD and SPTR are TemSe authorizations.
Integration
To be able to manage spool requests of other users, the administrator requires the corresponding authorizations for the output controller of the authorization object S_SPO_ACT.
The following table lists actions with the checked authorization objects and the associated field values:
| Action | Authorization Object | Authorization Field Value |
| Administer spool requests in the current client | S_ADMI_FCD ----------------------------- S_SPO_ACT | SPOR or SP01 ------------------------------ Depending on the operation to be performed |
| Administer spool requests in other clients (client of the request ¹ client of the administrator) | S_ADMI_FCD ---------------------------- S_SPO_ACT | SP01, SPAD, SPAM -------------------------------- By default, BASE = display authorization All other functions require the corresponding value. |
If the user wants to print the request on a printer, he or she also requires an additional device authorization for S_SPO_DEV.
Example
You can assign a user the authorizations for the spool output control with the values below. The user can perform all for spool output control operations.
| Authorization Object | Field | Values |
| S_ADMI_FCD (system authorization) | S_ADMI_FCD (system administration function) | SPAD, SPAM, SP01 |
| S_SPO_ACT (Spooler: actions) | SPOACTION (Authorization field for spooler actions) SPOAUTH (value for the authorization check) | * (asterisk)
* (asterisk) |
| S_SPO_DEV (Device authorization) | SPODEVICE (Name of the output device) | * (asterisk) |
For more information about spool authorizations, see SAP Note 119147.
No comments:
Post a Comment