<br><font size=2 face="sans-serif">Miguel,</font><br><br><font size=2 face="sans-serif">I do not have direct experience with
limiting the authorizations of WF-BATCH. However...</font><br><br><font size=2 face="sans-serif">Practical Workflow for SAP, 2nd Edition
Section 3.1.2 (page 88 in the hardbound edition) states:</font><br><br><font size=2 face="sans-serif">"...However the background user
<meaning WF-BATCH> must have the authorization SAP_ALL if the workflow
system is to function without problems ..."</font><br><br><font size=2 face="sans-serif">The text goes further to say (and I'll
paraphrase) that user WF-BATCH can be configured as a system user (no GUI
login possible). You can also configure your security so that the
RFC destination WORKFLOW_LOCAL_xxx cannot be used by programs other than
the workflow engine. If this user and RFC destination were configured
automatically then WF-BATCH also has a password that is generated randomly
and cannot be used with other RFC destinations because no one knows the
password.</font><br><br><font size=2 face="sans-serif">The text mentions SAP Note 1251255 as
options to limit the security of WF-BATCH. The book also mentions
that implementing this note is kind of a headache.</font><br><br><font size=2 face="sans-serif">If you have already bought Practical
Workflow for SAP ('da big book O' workflow) and have read this, then please
ignore and my apologies. Otherwise it is the best $79.95 you will
ever spend for an SAP book - assuming you regularly work in workflow. Maybe
you can use its recommendations to push back on your auditors. </font><br><br><font size=2 face="sans-serif">If that doesn't work, the book has 953
pages and you can always throw it at them ;-)</font><br><br><font size=2 face="sans-serif"><br></font><font size=4 color=#808000><b> </b></font><p><font size=4 color=#808000><b>Michael McLey</b></font><font size=3 color=#808000><b></b><br>MBUSI - IT Parts & Administration </font><font size=2 color=#808000><br>Mercedes-Benz US International, Inc.</font><font size=3 color=#808000></font><font size=2 color=#808000><br>1 Mercedes Drive</font><font size=3 color=#808000> </font><font size=2 color=#808000><br>Vance, AL 35490</font><font size=3 color=#808000> </font><font size=2 color=#808000><br>PHONE: (205) 462 - 5239</font><font size=3 color=#808000> </font><font size=2 color=#808000><br>EMAIL: michael.mcley@daimler.com</font><font size=3 color=#808000>
</font><br><br><br><table width=100%><tr valign=top><td width=40%><font size=1 face="sans-serif"><b>VieraM@dhcmc.com</b> </font><br><font size=1 face="sans-serif">Sent by: sap-wug-bounces@mit.edu</font><p><font size=1 face="sans-serif">04/12/2010 07:50 AM</font><table border><tr valign=top><td bgcolor=white><div align=center><font size=1 face="sans-serif">Please respond to<br>sap-wug@mit.edu</font></div></table><br><td width=59%><table width=100%><tr valign=top><td><div align=right><font size=1 face="sans-serif">To</font></div><td><font size=1 face="sans-serif">sap-wug@mit.edu</font><tr valign=top><td><div align=right><font size=1 face="sans-serif">cc</font></div><td><tr valign=top><td><div align=right><font size=1 face="sans-serif">Subject</font></div><td><font size=1 face="sans-serif">WF-Batch User: SAP_ALL access required
for SWU3 Customization?</font></table><br><table><tr valign=top><td><td></table><br></table><br><br><br><font size=2 face="Calibri">Hello all,</font><br><font size=2 face="Calibri"> </font><br><font size=2 face="Calibri">Wanted to know if anyone has had to limit
the authorization to the WF-Batch User that has to be set-up to configure
the Workflow System in SAP? Our internal auditors do not like the
fact that it is currently assigned the SAP_ALL role which seems to be what
is recommended in workflow circles as well as by SAP. </font><br><font size=2 face="Calibri"> </font><br><font size=2 face="Calibri">Any insight would be greatly appreciated.</font><br><font size=2 face="Calibri"> </font><br><font size=2 face="Calibri">Thanks,</font><br><font size=2 face="Calibri"> </font><br><font size=4 face="Calibri"><b>Miguel R. Viera</b></font><br><font size=2 face="Calibri">Deere-Hitachi C.M.C</font><br><font size=2 face="Calibri">SAP Business Analyst for FI-CO & SD
Modules</font><br><font size=2 face="Calibri">Workflow Admin. & Winshuttle Template
Designer</font><br><font size=2 face="Calibri">Phone: (336) 992-5759</font><br><font size=2 face="Calibri"> </font><br><font size=2 color=#104160 face="Calibri"><b><i>"Let us realize
that the privilege to work is a gift, that power to work is a blessing,
that love of work is success." David O. McKay</i></b></font><br><font size=2 face="Calibri"> </font><br><font size=2 face="Calibri"> </font><br><font size=2 face="Calibri"> </font><tt><font size=2>_______________________________________________<br>SAP-WUG mailing list<br>SAP-WUG@mit.edu<br>http://mailman.mit.edu/mailman/listinfo/sap-wug<br></font></tt><br><font face="sans-serif"><font face="sans-serif, Arial, Helvetica" size="-1" color="#808080"><br>If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
<br></br>
</font></font>