WF-Batch User: SAP_ALL access required for SWU3 Customization?
michael.mcley@daimler.com
michael.mcley at daimler.com
Mon Apr 12 09:52:15 EDT 2010
Miguel,
I do not have direct experience with limiting the authorizations of
WF-BATCH. However...
Practical Workflow for SAP, 2nd Edition Section 3.1.2 (page 88 in the
hardbound edition) states:
"...However the background user <meaning WF-BATCH> must have the
authorization SAP_ALL if the workflow system is to function without
problems ..."
The text goes further to say (and I'll paraphrase) that user WF-BATCH can
be configured as a system user (no GUI login possible). You can also
configure your security so that the RFC destination WORKFLOW_LOCAL_xxx
cannot be used by programs other than the workflow engine. If this user
and RFC destination were configured automatically then WF-BATCH also has a
password that is generated randomly and cannot be used with other RFC
destinations because no one knows the password.
The text mentions SAP Note 1251255 as options to limit the security of
WF-BATCH. The book also mentions that implementing this note is kind of a
headache.
If you have already bought Practical Workflow for SAP ('da big book O'
workflow) and have read this, then please ignore and my apologies.
Otherwise it is the best $79.95 you will ever spend for an SAP book -
assuming you regularly work in workflow. Maybe you can use its
recommendations to push back on your auditors.
If that doesn't work, the book has 953 pages and you can always throw it
at them ;-)
Michael McLey
MBUSI - IT Parts & Administration
Mercedes-Benz US International, Inc.
1 Mercedes Drive
Vance, AL 35490
PHONE: (205) 462 - 5239
EMAIL: michael.mcley at daimler.com
VieraM at dhcmc.com
Sent by: sap-wug-bounces at mit.edu
04/12/2010 07:50 AM
Please respond to
sap-wug at mit.edu
To
sap-wug at mit.edu
cc
Subject
WF-Batch User: SAP_ALL access required for SWU3 Customization?
Hello all,
Wanted to know if anyone has had to limit the authorization to the
WF-Batch User that has to be set-up to configure the Workflow System in
SAP? Our internal auditors do not like the fact that it is currently
assigned the SAP_ALL role which seems to be what is recommended in
workflow circles as well as by SAP.
Any insight would be greatly appreciated.
Thanks,
Miguel R. Viera
Deere-Hitachi C.M.C
SAP Business Analyst for FI-CO & SD Modules
Workflow Admin. & Winshuttle Template Designer
Phone: (336) 992-5759
"Let us realize that the privilege to work is a gift, that power to work
is a blessing, that love of work is success." David O. McKay
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug
If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20100412/907cddac/attachment.htm
More information about the SAP-WUG
mailing list