Preparation for RFC users in SAP systems used for connection from Redwood Finance Automation platform
The ERP Add-On contains pre-delivered roles which can be copied and used for the respective RFC connections.
Role /JCS/FCA_RFC_OUTBOUND
Usage: Authorizations for RFC connection from Redwood Finance Automation platform to ECC.
The RFC user generates temporary variants in the SAP system. Depending on the used ABAP in SAP, application related privileges may be checked.
The table below describes the content of authorization objects, separated by standard and Redwood Finance Automation specific checks.
Standard authorization checks
| Authorization object | Authorization field | Values |
|---|---|---|
| S_RFC(Authorization Check for RFC Access) | ||
| Name of RFC to be protected | /JCS/BC, /JCS/BDC, /JCS/BDC_ERP, /JCS/CKML, /JCS/EXT_RUN, /JCS/EXT_RUN_ERP, /JCS/FCC, /JCS/FCC_ACTIONS, /JCS/FCC_BW, /JCS/FCC_SIE, /JCS/FI, /JCS/FPA_SYNC, /JCS/MA, /JCS/MAINTENANCE, /JCS/SCMA, /JCS/TMS, /REDWOOD/1ISU, /REDWOOD/1XBP, /REDWOOD/2ISU, /REDWOOD/2XBP, 0002, 0004, 0004CORE, ACC9, BATG, BDS_BAPI, FRFC, OCSB, RFC1, RFC_METADATA_GET, SALX, SBAL_DISPLAY, SCCA, SDIFRUNTIME, SDTX, SG00, SPERS_REMOTE, SRFC, SUNI, SVAR_RFC, SXBP, SXBP_CM, SXBP_EXT, SXBP_EXT_SDL_BAPI, SXBP_VAR, SXMB, SXMI, SYST, SYSU, THFB | |
| Type of RFC to be protected | FUGR,FUBA | |
| Name of RFC to be protected | BAPI_CM_PROFILES_GET | |
| Type of RFC to be protected | FUNC | |
| S_ADMI_FCD (System Authorizations) | ||
| System Administrator functions | SP01, SP0R, SPAD | |
| S_BTCH_ADM(Background Administrator) | ||
| Background administrator ID | Y | |
| S_BTCH_JOB(Operations on Background Jobs) | ||
| Job Operations | PLAN, DELE, LIST, RELE, SHOW, PROT,MODI | |
| Summary of jobs for a group | * | |
| S_BTCH_NAM(Background User Name) | ||
| Background User Name for Authorization | * | |
| S_BDC_MONI(Batch Input Authorizations) | ||
| Batch input monitoring activity | DELE, LOCK | |
| Session name | * | |
| S_RZL_ADM(CCMS: System Administration) | ||
| Activity | 01 | |
| S_SPO_ACT - Spool: Actions | ||
| Authorization field for spool | BASE,DISP,ATTR,PRNT,REPR,DELE,USER,SEND,DOWN | |
| Value for authorization check | * | |
| S_SPO_DEV - Spool: Device Authorizations | ||
| Long Device Names | * | |
| Activity | 24, RS | |
| S_OC_SEND(Authorization Object for Sending) | ||
| Valid Comunication Methods | * | |
| Range of number of recipients allowed per send operation | * | |
| S_XMI_LOG(Internal Access Authorization for XMI Log) | ||
| Access method for XMI log | SELECT,REORG | |
| S_XMI_PROD(Authorization for External Management Interfaces (XMI)) | ||
| XMI logging | * | |
| Product | * | |
| Interface ID | * | |
| S_DEVELOP(ABAP Workbench) | ||
| ACTVT | 16 | |
| DEVCLASS | * | |
| OBJNAME | * | |
| OBJTYPE | PROG | |
| P_GROUP | * | |
| S_PROGRAM(ABAP: Program Flow Checks) | ||
| P_ACTION1 | BTCSUBMIT | |
| P_GROUP | * | |
| S_OC_ROLE(SAPoffice: Office User Attribute) | ||
| OFFADMI | * | |
| S_RFC_ADM(Administration for RFC Destination) | ||
| ACTVT | 01, 02, 03 | |
| ICF_VALUE | * | |
| RFCXDEST | CRONACLE*,REDWOOD | |
| RFCTYPE | T |
Application specific authorization checks
| Authorization object | Authorization field | Values |
|---|---|---|
| A_PERI_BUK(Asset Accounting: Authorizations for Periodic Processing) | ||
| AM_ACT_PER | 30.36 | |
| BUKRS | * | |
| FOT_B2A_V | ||
| Activity | 01 | |
| Company Code | * | |
| Return Type for Authorities | * | |
| F_BKPF_KOA(Accounting Document: Authorization) | ||
| Activity | Display | |
| Account Type | Customers, G/L Accounts | |
| F_BKPF_BUK | ||
| Activity | 01, 02, 03 | |
| Company Code | * | |
| F_RPROC (Intercompany Reconciliation: Authorizations) | ||
| ACTVT | 16 | |
| RCOMP | * | |
| RPROC | 003 | |
| F_FAGL_LDR | ||
| Activity | 03 | |
| Company Code | * | |
| Ledger | 0L | |
| Record Type | * | |
| Version | * | |
| F_SKA1_BUK | ||
| Activity | 03 | |
| Company Code | <> | |
| K_VRGNG(CO: Bus. Trans., Actual Postings and Plan/act. Allocations) | ||
| Activity | 02, 03, 16 | |
| CO Business Transaction | * | |
| Controlling Area | * | |
| S_USER_GRP(User Master Maintenance: User Groups) | ||
| ACTVT | 03 | |
| CLASS | * | |
| S_BDS_DS(BC-SRV-KPR-BDS: Authorizations for Document Set) | ||
| ACTVT | 03 | |
| CLASSNAME | SCHEDMAN_TASK | |
| CLASSTYPE | OT | |
| K_REPO_CCA(CO-CCA: Reporting on Cost Centers/Cost Elements) | ||
| ACTVT | 27,28,29 | |
| KOKRS | * | |
| KOSTL | * | |
| KSTAR | * | |
| S_APPL_LOG(Applications log) | ||
| ACTVT | 03 | |
| ALG_OBJECT | * | |
| ALG_SUBOBJ | * | |
| S_TABU_DIS - Table Maintenance | ||
| Activity | 03 | |
| Authorization Group | * | |
| S_OC_DOC(SAPoffice: Authorization for an Activity with Documents) | ||
Role /JCS/FCA_FCC_INBOUND
Usage: Role in FCc context only to connect from SAP to Redwood Finance Automation using BAE inbound interface
Content:
| Authorization object | Authorization field | Values |
|---|---|---|
| S_RFC(Authorization Check for RFC Access) | ||
| Activity | 16 | |
| Name of RFC to be protected | SXBP_EXT_SDL, SXBP_EXT_SDL_BAPI | |
| Type of RFC to be protected | FUGR | |
| S_RFC_ADM(Administration for RFC Destination) | ||
| Activity | * | |
| ICF_VALUE | * | |
| RFCXDEST | CRONACLE* | |
| RFCTYPE | * | |
| S_BTCH_EXT (External Scheduler) | ||
| Activity | * | |
| User Name in User Master Record | * | |
| S_BTCH_ADM (Background Processing: Background Administrator) | ||
| BTCADMIN | Y | |
| S_XMI_PROD(Authorization for External Management Interfaces (XMI)) | ||
| EXTCOMPANY | * | |
| EXTPRODUCT | * | |
| INTERFACE | * |
Copy pre-delivered roles and define RFC connection users
Copy the predelivered roles to roles in customer namespace and assign them to system users to be used for connectivity.
The pre-delivered role role contains typical authorizations, however, depending on the customer transactions and ABAPs to be used, the authorizations of the role may need to be adapted.
tip
Use a system user (non dialog user) with SAP_ALL authority for the RFC outbound, Otherwise additional security/authorization tests need to be run in addition to identify missing authorizations.
Needed parameters for RFC user
The RFC user requires a number of default parameters. These are required by some ABAP programs. Without them selection variants are not chosen correctly (for example transactions KO8G or KGI4 ).
Please setup the following parameters in the system by using the user maintenance (SAP transaction SU01 ):
| Parameter name | Value | Description |
|---|---|---|
| ORV | Existing variant for program RKOSEL000 | Selection variant for internal orders. The variant does not have to necessarily exist. |
| CAC | Used controlling area | Default controlling area |
| PDB | Profile for logical database, for example default 000000000001 | For transaction PSJ |
The user maintenance dialog In the ECC system looks as follows:
financeTopic