This website is not affiliated with, sponsored by, or approved by SAP AG.

SAP_ALL access required for SWU3 configuration?

Moderators: Snowy, thx4allthefish, jurjen

Postby Penelope » Tue Jun 28, 2011 9:22 am

Hi everyone,

We need to run Automatic Workflow Customizing (SWU3) but I'm not sure who runs this TX (SAP*, DDIC or basis user) and whether the user who runs SWU3 needs SAP_ALL auth or not.

Our Basis team doesn't have SAP_ALL but restricted auth to basis activities (for example basis doesn't have SU01 auth).

Any suggestion? I'm searching for SAP official documentation on the matter but haven't found anything so far.

Thanks in advance. Pen
Penelope
 
Posts: 28
Joined: Wed Feb 21, 2007 11:08 am
Location: Buenos Aires - Argentina

Re: SAP_ALL access required for SWU3 configuration?

Postby Gothmog » Tue Jun 28, 2011 12:12 pm

I'm shadowing this in the Security forum, as our experts there might know.
68 74 74 70 3a 2f 2f 74 69 6e 79 75 72 6c 2e 63 6f 6d 2f 62 64 6f 37 6d 77 67
Gothmog
 
Posts: 1941
Joined: Wed Sep 12, 2007 4:46 am
Location: Probably not home

Re: SAP_ALL access required for SWU3 configuration?

Postby thx4allthefish » Wed Jun 29, 2011 12:13 am

Look in SU24 which objects are checked. Match them against the roles of your Basis-people (or whoever you want to run that transaction).

And no, neither DDIC nor SAPstar come into it at any point.
curiousorange wrote: I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?
thx4allthefish
 
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: SAP_ALL access required for SWU3 configuration?

Postby Penelope » Wed Jun 29, 2011 6:11 am

thx4allthefish wrote: Look in SU24 which objects are checked. Match them against the roles of your Basis-people (or whoever you want to run that transaction).

And no, neither DDIC nor SAPstar come into it at any point.


Thank you. We've just created a role with those auths required for SWU3 in SU24.
Thanks!
Penelope
 
Posts: 28
Joined: Wed Feb 21, 2007 11:08 am
Location: Buenos Aires - Argentina

Re: SAP_ALL access required for SWU3 configuration?

Postby os » Mon Jul 04, 2011 1:30 pm

What you are looking for is described in SAP Note 1251255.

In summary, if the SWU3 user only has SAP_ALL, then it does not work anymore... as assuming SAP_ALL is not supposed to work.

The note includes information about that which the WF-BATCH user will need. You can add these manually after copying them and will need to refine your application authorizations for your own workflow scenarios.

Note that some RFC FMs have the destinations as local parameters... hence the logical destinations are also potentially critical. If you have inbound processing set up, then at the latest you should restrict the access of the workflow engine.
os
 
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am

Re: SAP_ALL access required for SWU3 configuration?

Postby sonia2010 » Sun Jan 15, 2012 1:08 am

Hi,
Look in SU24 which objects are checked. Match them against the roles of your Basis-people (or whoever you want to run that transaction).
I suggest that you must determine the SU24 objects in detail and then check their compatibility, etc.
sonia2010
 
Posts: 9
Joined: Sun Jan 08, 2012 12:01 pm
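
The SU24-versus-role comparison suggested in the replies above, sketched as an added example that is not part of any post in this thread. It assumes the SU24 proposal values and the role's authorization values have been exported as CSV with columns modelled on tables USOBT_C and AGR_1251; the sample rows and the role name Z_BASIS_WF are constructed and are not the actual list of objects SWU3 checks.

```python
import csv
import io

# Constructed sample exports; NOT the real SWU3 proposals. Column names are
# modelled on USOBT_C (SU24 proposal values) and AGR_1251 (role values).
SU24_EXPORT = """NAME,OBJECT,FIELD,LOW,HIGH
SWU3,S_TCODE,TCD,SWU3,
SWU3,S_RFC,RFC_TYPE,FUGR,
SWU3,S_RFC,ACTVT,16,
SWU3,S_USER_GRP,ACTVT,01,
SWU3,S_USER_GRP,ACTVT,03,
"""
ROLE_EXPORT = """AGR_NAME,OBJECT,FIELD,LOW,HIGH
Z_BASIS_WF,S_TCODE,TCD,SW*,
Z_BASIS_WF,S_RFC,RFC_TYPE,FUGR,
Z_BASIS_WF,S_RFC,ACTVT,01,20
Z_BASIS_WF,S_USER_GRP,ACTVT,03,
"""

def load(text):
    """Parse a CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def covers(low, high, wanted):
    """True if one role value (single value, pattern or range) covers `wanted`."""
    if high:                       # LOW..HIGH range, compared as strings
        return low <= wanted <= high
    if low.endswith("*"):          # '*' alone or a prefix pattern such as 'SW*'
        return wanted.startswith(low[:-1])
    return low == wanted

def missing_authorizations(tcode, proposals, role_rows):
    """Sorted (object, field, value) proposals for `tcode` that no role value covers.

    Per-field approximation: the real check evaluates all fields of an object
    inside a single authorization, so treat the result as a review list.
    """
    granted = {}
    for r in role_rows:
        granted.setdefault((r["OBJECT"], r["FIELD"]), []).append((r["LOW"], r["HIGH"]))
    gaps = set()
    for p in proposals:
        if p["NAME"] != tcode or not p["LOW"]:
            continue               # other transaction, or field without a proposed value
        values = granted.get((p["OBJECT"], p["FIELD"]), [])
        if not any(covers(lo, hi, p["LOW"]) for lo, hi in values):
            gaps.add((p["OBJECT"], p["FIELD"], p["LOW"]))
    return sorted(gaps)

if __name__ == "__main__":
    for obj, field, value in missing_authorizations("SWU3", load(SU24_EXPORT), load(ROLE_EXPORT)):
        print(f"missing: {obj} {field}={value}")
```

An empty result means every proposed value is covered by the role at field level; each reported line is a value to add to the restricted role instead of falling back to SAP_ALL.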

