Page Comparison

Normal user do not need any special authorization to work with ProProcess. Authorizations But authorizations like for example changing a object might be checked on the level of certain task, which are completely independent of ProProcess.

Special authorizations are required for certain task at definition and at run time.

Authorization for special customizing/modelling tools

Besides the classic process modelling application several expert tools (see ProProcess Customizing Manual) exist which require the authority object /PCH/BPFCF. The authority object contains a predefined function and an activity. The values are described below.

...

Authority function

...

Activity

...

Description

...

CONSIST

...

06, 39

...

Consistency check of the whole process modelling data (39) including cleanup of invalid data (06)

...

TPCHEK

...

39

...

Consistency check between process data stored on the database and the data recorded in the corresponding transport task

...

WF

...

01, 02, 06

...

Workflow utilities to check, create, update, repair, activate and delete workflow patterns. Authorization is only needed for creating (01), changing and activation (02) and deleting (06) workflow patterns.

Authorization for process administrators

In some cases, it is needed that an administrator is changing something on ongoing processes (see ProProcess User Manual). There are several actions available, which are all protected using the authorization object /PCH/BPFAD and a function. The following predefined functions are available:

...

Authority function

...

Description

...

1000

...

Change status of a process (currently only aborting)

...

1001

...

Change description of a process

...

1100

...

Solve problems of erroneous processes

...

1101

...

Ignore problems of erroneous processes

...

1200

...

Restart erroneous processes

...

1900

...

Delete process (currently not supported)

...

2001

...

Adjust gateways

...

3001

...

Adjust threshold of parallel part processes

...

4000

...

Change status of an activity (currently only completing)

...

4001

...

Activate/deactivate activities

...

4002

...

Replicate activities

...

4500

...

Reset workitem reservation

...

5000

...

Change agents of an activity

...

6000

...

Change status of a task (currently only completing)

...

8000

...

Change deadlines

...

8001

...

Change priorities

...

8002

...

Change protocol (currently not supported)

...

9001

...

Chagen object list

...

The access to the back-end services of ProProcess are protected by the SAP default authorization object for ODATA Services (S_SERVICE).

The following fields and values are being checked. For details please refer to the authorization object documentation.

In case of Gateway Hub Systems, this authorization must be assigned in the back-end system.

...

Field

...

Value

...

Type

...

TADIR Service

...

PgId

...

R3TR

...

Object Type

...

IWSV

...

Object Name

...

My Inbox integration:

• /PCH/BPF_INBOX_SRV 0001

• /PCH/BPF_TASKS_SRV 0001

Dashboard and Process List:

• /PCH/BPF_REPORTING_SRV 0001

In case of Gateway Hub Systems, the authorization must be assigned in the front-end system.

...

Field

...

Value

...

Type

...

TADIR Service

...

PgId

...

R3TR

...

Object Type

...

IWSG

...

Object Name

...

<technical service name>_<service version 4 digits with leading zeros> (use available Value Help). The name depends on the prefix used during service activation.
My Inbox integration:

• e.g. ZBPF_INBOX_SRV_0001

• e.g. ZBPF_TASK_SRV_0001

Dashboard and Process List:

• e.g. ZBPF_REPORTING_SRV_0001

Please keep in mind, that any user using any SAP ODATA Service in a non local deployment scenario (call via RFC) need proper backend authorizations for the Gateway RFC Interface. Please refer to the SAP NetWeaver Gateway Foundation Security Guide for more Information on your landscape setup. The user should have at least the following authorizations for the authorization object S_RFC:

...

Field

...

Value

...

Type of RFC object to which access is to be allowed

...

FUGR (Function group)

...

Name (Whitelist) of RFC object to which access is allowed

...

/IWBEP/FGR_MGW_CLIENT_IF

...

Activity

...

tasks.