BPF Authorization

Normal user do not need any special authorization to work with ProProcess. But authorizations like for example changing a object might be checked on the level of certain tasks.

Authorization for special customizing/modelling tools

Besides the classic process modelling application several expert tools (see ProProcess Customizing Manual) exist which require the authority object /PCH/BPFCF.

Authorization for process administrators

In some cases, it is needed that an administrator is changing something on ongoing processes (see ProProcess User Manual). There are several actions available, which are all protected using the authorization object /PCH/BPFAD and a function.

Fiori Apps and SAP MyInbox integration

The access to the back-end services of ProProcess are protected by the SAP default authorization object for ODATA Services (S_SERVICE).

The following fields and values are being checked. For details please refer to the authorization object documentation.

In case of Gateway Hub Systems, this authorization must be assigned in the back-end system.

In case of Gateway Hub Systems, the authorization must be assigned in the front-end system.

Please keep in mind, that any user using any SAP ODATA Service in a non local deployment scenario (call via RFC) need proper backend authorizations for the Gateway RFC Interface. Please refer to the SAP NetWeaver Gateway Foundation Security Guide for more Information on your landscape setup. The user should have at least the following authorizations for the authorization object S_RFC:

Schedule /PCH/BPF_RUNTIME_ACTIONS as background job

Currently users require the permission granted by authority object S_BTCH_JOB to schedule the BPF program /PCH/BPF_RUNTIME_ACTIONS as job in case of temporary errors like object locks during status change.