Page Comparison

...

...

...

...

...

...

...

...

...

...

...

...

Currently users require the permission to schedule the BPF program /PCH/BPF_RUNTIME_ACTIONS as job in case of temporary errors like object locks during status change. This will be changed in a future release. The authorization required is:

Authority object: S_BTCH_JOB

Field: JOBGROUP value: <empty>

Field JOBACTION value: ‘RELE’

Normal user do not need any special authorization to work with ProProcess. Authorizations But authorizations like for example changing a object might be checked on the level of certain task, which are completely independent of ProProcess.Special authorizations are required for certain task at definition and at run timetasks.

Authorization for special customizing/modelling tools

Besides the classic process modelling application several expert tools (see ProProcess Customizing Manual) exist which require the authority object /PCH/BPFCF. The authority object contains a predefined function and an activity. The values are described below.

...

Authority function

...

Activity

...

Description

...

CONSIST

...

06, 39

...

Consistency check of the whole process modelling data (39) including cleanup of invalid data (06)

...

TPCHEK

...

...

Consistency check between process data stored on the database and the data recorded in the corresponding transport task

...

WF

...

01, 02, 06

...

Authorization

...

for

...

process administrators

In some cases, it is needed that an administrator is changing something on ongoing processes (see ProProcess User Manual). There are several actions available, which are all protected using the authorization object /PCH/BPFAD and a function. The following predefined functions are available:

...

Authority function

...

Description

...

1000

...

Change status of a process (currently only aborting)

...

1001

...

Change description of a process

...

1100

...

Solve problems of erroneous processes

...

1101

...

Ignore problems of erroneous processes

...

1200

...

Restart erroneous processes

...

1900

...

Delete process (currently not supported)

...

2001

...

Adjust gateways

...

3001

...

Adjust threshold of parallel part processes

...

4000

...

Change status of an activity (currently only completing)

...

4001

...

Activate/deactivate activities

...

4002

...

Replicate activities

...

4500

...

Reset workitem reservation

...

5000

...

Change agents of an activity

...

6000

...

Change status of a task (currently only completing)

...

8000

...

Change deadlines

...

8001

...

Change priorities

...

8002

...

Change protocol (currently not supported)

...

9001

...

Chagen object list

Fiori Apps and SAP MyInbox integration

The access to the back-end services of ProProcess are protected by the SAP default authorization object for ODATA Services (S_SERVICE).

...

In case of Gateway Hub Systems, this authorization must be assigned in the back-end system.

In case of Gateway Hub Systems, the authorization must be assigned in the front-end system.

Please keep in mind, that any user using any SAP ODATA Service in a non local deployment scenario (call via RFC) need proper backend authorizations for the Gateway RFC Interface. Please refer to the SAP NetWeaver Gateway Foundation Security Guide for more Information on your landscape setup. The user should have at least the following authorizations for the authorization object S_RFC:

Schedule /PCH/BPF_RUNTIME_ACTIONS as background job

Currently users require the permission granted by authority object S_BTCH_JOB to schedule the BPF program /PCH/BPF_RUNTIME_ACTIONS as job in case of temporary errors like object locks during status change.