WF-Batch User: SAP_ALL access required for SWU3
Viera, Miguel
VieraM at dhcmc.com
Mon Apr 12 15:35:06 EDT 2010
Thanks for the info regarding note 1251255. That going to be very helpful.
Miguel R. Viera
Deere-Hitachi C.M.C
SAP Business Analyst for FI-CO & SD Modules
Workflow Admin. & Winshuttle Template Designer
Phone: (336) 992-5759
"Let us realize that the privilege to work is a gift, that power to work is a blessing, that love of work is success." David O. McKay
----------------------------------------------------------------------
Message: 1
Date: Mon, 12 Apr 2010 06:47:33 -0700 (PDT)
From: Shai Eyal <shai.eyal at yahoo.com>
Subject: WF-Batch User: SAP_ALL access required for SWU3
To: sap-wug at mit.edu
Message-ID: <923206.72830.qm at web59101.mail.re1.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi Viera,
I've fronted this issue several times and personally I see no reason to limit its authorization.?My argumentation?is the user type?=> system.
In case you have to limit authorizations, please refer to note 1251255.
Regards,
Shai Eyal
SAP Logistics senior consultant
SAP Workflow & BPM specialist
http://www.linkedin.com/in/shaieyal
Mobile: 972-52-5816633
Message: 2
Date: Mon, 12 Apr 2010 08:52:15 -0500
From: michael.mcley at daimler.com
Subject: Re: WF-Batch User: SAP_ALL access required for SWU3
Customization?
To: sap-wug at mit.edu
Message-ID:
<OFF1EC3812.DA4077A6-ON86257703.0048DC5E-86257703.004C33B5 at dcx.dcx>
Content-Type: text/plain; charset="us-ascii"
Miguel,
I do not have direct experience with limiting the authorizations of
WF-BATCH. However...
Practical Workflow for SAP, 2nd Edition Section 3.1.2 (page 88 in the
hardbound edition) states:
"...However the background user <meaning WF-BATCH> must have the
authorization SAP_ALL if the workflow system is to function without
problems ..."
The text goes further to say (and I'll paraphrase) that user WF-BATCH can
be configured as a system user (no GUI login possible). You can also
configure your security so that the RFC destination WORKFLOW_LOCAL_xxx
cannot be used by programs other than the workflow engine. If this user
and RFC destination were configured automatically then WF-BATCH also has a
password that is generated randomly and cannot be used with other RFC
destinations because no one knows the password.
The text mentions SAP Note 1251255 as options to limit the security of
WF-BATCH. The book also mentions that implementing this note is kind of a
headache.
If you have already bought Practical Workflow for SAP ('da big book O'
workflow) and have read this, then please ignore and my apologies.
Otherwise it is the best $79.95 you will ever spend for an SAP book -
assuming you regularly work in workflow. Maybe you can use its
recommendations to push back on your auditors.
If that doesn't work, the book has 953 pages and you can always throw it
at them ;-)
Michael McLey
MBUSI - IT Parts & Administration
Mercedes-Benz US International, Inc.
1 Mercedes Drive
Vance, AL 35490
PHONE: (205) 462 - 5239
EMAIL: michael.mcley at daimler.com
More information about the SAP-WUG
mailing list