Permissions with status
Organisational allocation
WF-BATCH: The WF-BATCH user is used for background processing in SAP Business Workflow and is created automatically when customising workflows. WF-BATCH is often associated with the SAP_ALL profile because the exact requirements for the permissions depend on the user's usage. The password of the user can be set and synchronised via the transaction SWU3. Safeguard measures: After automatic generation, change the user's password and assign it to the SUPER user group.
If you want to allow users to access only individual table rows, you can use the S_TABU_LIN authorization object, which allows access to specific rows of a table for defined organisational criteria. A prerequisite for this type of permission is that the tables have columns with such organisational values, such as the work, country, accounting area, etc. You must now configure these organisational values in the system as organisational criteria that represent business areas; serve as a bridge between the organisational columns in the tables and the permission field in the authorization object. Since the organisational criteria are found in several tables, this eligibility check need not be bound to specific tables and can be defined across tables.
What are SAP authorizations?
Together with you, we develop suitable authorizations for your systems and processes. In workshops with your departments, we create concepts to assign the required rights to employees. The goal is to define so-called job roles, which represent job profiles at the job level.
The next step is to evaluate the usage data; here the monthly aggregates are typically sufficient. These include the user ID, function block, and number of calls. For an overview of the usage data already stored in the system, see the SWNC_COLLECTOR_GET_DIRECTORY function block (GET_DIR_FROM_CLUSTER = X input parameter). The actual downloading of the usage data is then performed using the function block SWNC_COLLECTOR_GET_AGGREGATES.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
At www.sap-corner.de you will also find a lot of useful information on the subject of SAP authorizations.
Also essential parameters, such as NO_IMPORT_ALL and VERS_AT_IMP should be set correctly, so that on the one hand only all released requests are transported and on the other hand the transported versions are logged.
This includes local and global administrator locks.