| Note |
|---|
Currently users require the permission to schedule the BPF program /PCH/BPF_RUNTIME_ACTIONS as job in case of temporary errors like object locks during status change. This will be changed in a future release. The authorization required is: Authority object: S_BTCH_JOB Field: JOBGROUP value: <empty> Field JOBACTION value: ‘RELE’ |
...
Besides the classic process modelling application several expert tools (see ProProcess Customizing Manual) exist which require the authority object /PCH/BPFCF. The authority object contains a predefined function and an activity. The values are described below.
Authority function | Activity | Description |
|---|---|---|
CONSIST | 06, 39 | Consistency check of the whole process modelling data (39) including cleanup of invalid data (06) |
TPCHEK | 39 | Consistency check between process data stored on the database and the data recorded in the corresponding transport task |
WF | 01, 02, 06 | Workflow utilities to check, create, update, repair, activate and delete workflow patterns. Authorization is only needed for creating (01), changing and activation (02) and deleting (06) workflow patterns. |
...
In some cases, it is needed that an administrator is changing something on ongoing processes (see ProProcess User Manual). There are several actions available, which are all protected using the authorization object /PCH/BPFAD and a function. The following predefined functions are available:
Authority function | Description |
|---|---|
1000 | Change status of a process (currently only aborting) |
1001 | Change description of a process |
1100 | Solve problems of erroneous processes |
1101 | Ignore problems of erroneous processes |
1200 | Restart erroneous processes |
1900 | Delete process (currently not supported) |
2001 | Adjust gateways |
3001 | Adjust threshold of parallel part processes |
4000 | Change status of an activity (currently only completing) |
4001 | Activate/deactivate activities |
4002 | Replicate activities |
4500 | Reset workitem reservation |
5000 | Change agents of an activity |
6000 | Change status of a task (currently only completing) |
8000 | Change deadlines |
8001 | Change priorities |
8002 | Change protocol (currently not supported) |
9001 | Chagen object list |
...
In case of Gateway Hub Systems, this authorization must be assigned in the back-end system.
Field | Value |
|---|---|
Type | TADIR Service |
PgId | R3TR |
Object Type | IWSV |
Object Name | My Inbox integration:
Dashboard and Process List:
|
In case of Gateway Hub Systems, the authorization must be assigned in the front-end system.
Field | Value |
|---|---|
Type | TADIR Service |
PgId | R3TR |
Object Type | IWSG |
Object Name | <technical service name>_<service version 4 digits with leading zeros> (use available Value Help). The name depends on the prefix used during service activation.
Dashboard and Process List:
|
Please keep in mind, that any user using any SAP ODATA Service in a non local deployment scenario (call via RFC) need proper backend authorizations for the Gateway RFC Interface. Please refer to the SAP NetWeaver Gateway Foundation Security Guide for more Information on your landscape setup. The user should have at least the following authorizations for the authorization object S_RFC:
Field | Value |
|---|---|
Type of RFC object to which access is to be allowed | FUGR (Function group) |
Name (Whitelist) of RFC object to which access is allowed | /IWBEP/FGR_MGW_CLIENT_IF |
Activity | 16 (Execute) |
...