WF-Batch User: SAP_ALL access required for SWU3

Viera, Miguel VieraM at dhcmc.com
Mon Apr 12 15:35:06 EDT 2010


Thanks for the info regarding note 1251255.  That's going to be very helpful.

Miguel R. Viera
Deere-Hitachi C.M.C
SAP Business Analyst for FI-CO & SD Modules
Workflow Admin. & Winshuttle Template Designer
Phone: (336) 992-5759

"Let us realize that the privilege to work is a gift, that power to work is a blessing, that love of work is success." David O. McKay



----------------------------------------------------------------------

Message: 1
Date: Mon, 12 Apr 2010 06:47:33 -0700 (PDT)
From: Shai Eyal <shai.eyal at yahoo.com>
Subject: WF-Batch User: SAP_ALL access required for SWU3
To: sap-wug at mit.edu
Message-ID: <923206.72830.qm at web59101.mail.re1.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Viera,

I've fronted this issue several times and personally I see no reason to limit its authorization. My argumentation is the user type => system.
In case you have to limit authorizations, please refer to note 1251255.

Regards,
Shai Eyal
SAP Logistics senior consultant
SAP Workflow & BPM specialist
http://www.linkedin.com/in/shaieyal
Mobile: 972-52-5816633

Message: 2
Date: Mon, 12 Apr 2010 08:52:15 -0500
From: michael.mcley at daimler.com
Subject: Re: WF-Batch User: SAP_ALL access required for SWU3
	Customization?
To: sap-wug at mit.edu
Message-ID:
	<OFF1EC3812.DA4077A6-ON86257703.0048DC5E-86257703.004C33B5 at dcx.dcx>
Content-Type: text/plain; charset="us-ascii"

Miguel,

I do not have direct experience with limiting the authorizations of 
WF-BATCH.  However...

Practical Workflow for SAP, 2nd Edition Section 3.1.2 (page 88 in the 
hardbound edition) states:

"...However the background user <meaning WF-BATCH> must have the 
authorization SAP_ALL if the workflow system is to function without 
problems ..."

The text goes further to say (and I'll paraphrase) that user WF-BATCH can 
be configured as a system user (no GUI login possible).  You can also 
configure your security so that the RFC destination WORKFLOW_LOCAL_xxx 
cannot be used by programs other than the workflow engine.  If this user 
and RFC destination were configured automatically then WF-BATCH also has a 
password that is generated randomly and cannot be used with other RFC 
destinations because no one knows the password.

The text mentions SAP Note 1251255 as options to limit the security of 
WF-BATCH.  The book also mentions that implementing this note is kind of a 
headache.

If you have already bought Practical Workflow for SAP ('da big book O' 
workflow) and have read this, then please ignore and my apologies. 
Otherwise it is the best $79.95 you will ever spend for an SAP book - 
assuming you regularly work in workflow.  Maybe you can use its 
recommendations to push back on your auditors. 

If that doesn't work, the book has 953 pages and you can always throw it 
at them ;-)


 
Michael McLey 
MBUSI - IT Parts & Administration 
Mercedes-Benz US International, Inc. 
1 Mercedes Drive 
Vance, AL 35490 
PHONE:  (205) 462 - 5239 
EMAIL:   michael.mcley at daimler.com   





