To connect and retrieve data from an SAP System, j5 requires an RFC user in SAP with sufficient authorization to access the required data.
This user must have the following authorization objects assigned to it:
Description |
Auth Object |
Field 1 Name |
Field 1 Val |
Field 2 Name |
Field 2 Val |
Field 3 Name |
Field 3 Val |
---|---|---|---|---|---|---|---|
RFC calls |
S_RFC |
RFC_TYPE |
FUGR |
RFC_NAME |
EM_INT_WS,IBAPI_ALM_ORDER, ITOB_BAPI_EQ,ITOB_BAPI_FL,RFC1, SDIFRUNTIME,SDTX,SYST |
ACTVT |
16 |
PM Notification Types |
I_QMEL |
TCODE |
IW21 |
QMART |
* (or LIST, EG. M2) |
||
Table display |
S_TABU_NAM |
ACTVT |
03 |
TABLE |
EQUI,EQUZ,ILOA,T001W,T356A_T, T370F_T,T370U,TQ80_T,TTZCU, TTZD,TTZDF,TTZDV,TTZR,TTZZ, USR03,VIQMEL |
||
Maintenance Planner Group |
I_INGRP |
TCD |
IE03,IL03,IW33 |
IWERK |
* (OR LIST) |
INGRP |
* (OR LIST) |
Cost Centers |
I_KOSTL |
TCD |
IE03,IL03,IW33 |
KOKRS |
* (OR, EG. 1000) |
KOSTL |
* (OR LIST) |
Authorization Group |
I_BEGRP |
TCD |
IE03,IL03,IW33 |
BEGRP |
* (OR, EG. 1000) |
||
PM: Order Type |
I_AUART |
AUFART |
* (OR LIST) |
IWERK |
* (OR LIST) |
||
Maintenance Planning Site |
I_IWERK |
TCD |
IE03,IL03,IW33 |
IWERK |
* (OR LIST) |
||
Maintenance Site |
I_SWERK |
TCD |
IE03,IL03,IW33 |
SWERK |
* (OR LIST) |
||
Authorization Object for Data Exchange |
SCRMMW |
MW_ACT |
5 |
In the cases where the value of the field is * (for example, Maintenance Site - I_SWERK), the j5 user is granted authorization for all of the maintenance sites. If you require a more restricted list it is possible to specify a list of values here rather than * as the value.
It is suggested that a custom j5 RFC Authorization role containing the above table of authorization objects and field values is created and assigned to the j5 user.
Calls made via SAP PI (PO) middleware, the authorization role SAP_XI_APPL_SERV_USER (Process Integration: Service User for Application Systems) should additionally be added to the user account.
The table above was determined by multiple, separate authorization traces. It may be possible that additional authorization objects are required at some customer sites post-deployment (for example, for custom authorization objects the customer uses, or to take into account modifications and enhancements made to the SAP standard code by the individual customers).
This assessment of authorization objects is therefore only a "best effort".