Roles and Authorizations Used in Background Processing

PDF download from SAP Help Portal:

http://help.sap.com/saphelp_nw70ehp2/helpdata/en/86/f7f3393bef4604e10000000a11402f/content.htm
Created on October 23, 2014
The documentation may have changed since you downloaded the PDF. You can always find the latest information on SAP Help Portal.
Note
This PDF document contains the selected topic and its subtopics (max. 150) in the selected structure. Subtopics from other structures are not included.
2014 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP SE. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE
and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by
SAP SE and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be
liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express
warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other
SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other
countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.
Table of content
PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 1 of 3
Table of content
1 Roles and Authorizations Used in Background Processing
PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 2 of 3
Roles and Authorizations Used in Background Processing
The roles provided contain authorizations.
The following predefined user roles are available:

SAP_BC_BATCH_ADMIN
This role contains all authorizations for background processing administration, including the creation of background jobs and general administrations
functions (SMxx transaction codes, in particular SM36, SM37, SM50, and SM51)
Note that the administrator role includes operating system access due to the fact that the administrator can define operating system commands. For more
information, see Logical Operating System Commands in this Guide.

SAP_BC_ENDUSER
This role contains non-critical basis authorizations for all users, including job creation and job release.

The table below shows the authorizations used in background processing:
Authorizations for Background Processing
Authorization Object Fields Value Meaning
S_BTCH_JOB JOBACTION DELE Delete other users jobs
LIST (not used)
PROT Display job logs belonging to other users
RELE Release own jobs automatically
SHOW Display other users job definitions
JOBGROUP * Reserved, set to *
S_BTCH_NAM BTCUNAME <name> Authorized user when scheduling
S_BTCH_ADM BTCADMIN Y User is batch administrator
N or empty Restricted to jobs in current client
In addition, note the following:
A user with batch administrator privileges can do anything with jobs in all clients (authorization object S_BTCH_ADM, field batch administrator set to Y).
Without this authorization, users can only work on jobs in the client in which they are logged on.
All users can schedule, cancel, delete, and check the status of their own jobs with no additional special authorizations. However, additional authorizations are
needed for:
Releasing ones own batch jobs (S_BTCH_JOB: Action=RELE)
Showing logs of all jobs (S_BTCH_JOB: Action=PROT)
Assigning ABAP programs to a job step (S_PROGRAM)
Assigning a different user to a job step (S_BTCH_NAM).
A user without batch administrator privileges is restricted to working with class C (low priority) jobs and to his or her own jobs in the client that he or she
is logged on to.
Authorizations that allow a user to delete jobs or display information belonging to other users are:
Deleting the jobs belonging to other users (S_BTCH_JOB: Action=DELE)
Display job definitions and spool lists belonging to other users (S_BTCH_JOB: Action=SHOW)
For the execution of external commands within jobs, the user needs an authorization for the object S_LOG_COM.
For more information, see SAP Notes 28162 and 101146.


PUBLIC
2014 SAP SE or an SAP affiliate company. All rights reserved.
Page 3 of 3