Roles and Authorizations Used in Background Processing
PDF download from SAP Help Portal:
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/86/f7f3393bef4604e10000000a11402f/content.htm Created on October 23, 2014 The documentation may have changed since you downloaded the PDF. You can always find the latest information on SAP Help Portal. Note This PDF document contains the selected topic and its subtopics (max. 150) in the selected structure. Subtopics from other structures are not included. 2014 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. Table of content PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved. Page 1 of 3 Table of content 1 Roles and Authorizations Used in Background Processing PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved. Page 2 of 3 Roles and Authorizations Used in Background Processing The roles provided contain authorizations. The following predefined user roles are available:
SAP_BC_BATCH_ADMIN This role contains all authorizations for background processing administration, including the creation of background jobs and general administrations functions (SMxx transaction codes, in particular SM36, SM37, SM50, and SM51) Note that the administrator role includes operating system access due to the fact that the administrator can define operating system commands. For more information, see Logical Operating System Commands in this Guide.
SAP_BC_ENDUSER This role contains non-critical basis authorizations for all users, including job creation and job release.
The table below shows the authorizations used in background processing: Authorizations for Background Processing Authorization Object Fields Value Meaning S_BTCH_JOB JOBACTION DELE Delete other users jobs LIST (not used) PROT Display job logs belonging to other users RELE Release own jobs automatically SHOW Display other users job definitions JOBGROUP * Reserved, set to * S_BTCH_NAM BTCUNAME <name> Authorized user when scheduling S_BTCH_ADM BTCADMIN Y User is batch administrator N or empty Restricted to jobs in current client In addition, note the following: A user with batch administrator privileges can do anything with jobs in all clients (authorization object S_BTCH_ADM, field batch administrator set to Y). Without this authorization, users can only work on jobs in the client in which they are logged on. All users can schedule, cancel, delete, and check the status of their own jobs with no additional special authorizations. However, additional authorizations are needed for: Releasing ones own batch jobs (S_BTCH_JOB: Action=RELE) Showing logs of all jobs (S_BTCH_JOB: Action=PROT) Assigning ABAP programs to a job step (S_PROGRAM) Assigning a different user to a job step (S_BTCH_NAM). A user without batch administrator privileges is restricted to working with class C (low priority) jobs and to his or her own jobs in the client that he or she is logged on to. Authorizations that allow a user to delete jobs or display information belonging to other users are: Deleting the jobs belonging to other users (S_BTCH_JOB: Action=DELE) Display job definitions and spool lists belonging to other users (S_BTCH_JOB: Action=SHOW) For the execution of external commands within jobs, the user needs an authorization for the object S_LOG_COM. For more information, see SAP Notes 28162 and 101146.
PUBLIC 2014 SAP SE or an SAP affiliate company. All rights reserved. Page 3 of 3