System Admin Role/Profile

Author: [email protected] 71 views

SAP Authorization Objects:

Authorization Object Functions Values
Cross-Application Authorization Objects
S_RFC
RFC_TYPE
RFC_NAME
ACTVT
FUGR
SYST
16 - Execute
S_RFC
RFC_TYPE
RFC_NAME
ACTVT
FUGR
Z_FPC_PASSWORD
16 - Execute
Basis: Administration
S_USER_GRP
CLASS
ACTVT
SUPER
05 - Lock

Special Remarks:

These roles should be sufficient. If not, the customer has added extra security such as S_TABU_DIS etc. Therefore the customers are responsible for adding the missing portion. This can be analyzed in transaction ST01 under authorization trace for the system user.
MyPass connects to SAP through RFC where it calls both a custom function module as well as a standard SAP module. For this it uses a specific SAP user that can be created with authorization exactly for these operations.

  1. Create Function Group “Z_FPC_PASSWORD”
  2. Create Function Module “Z_FPC_PASSWORD_CHANGE”
  3. Create SAP User “PWRESET”
  4. Create SAP Role “Z_FPC_PASSWORD”

After following the step-by-step instructions in the 4 sub-sections, your system will be ready to be used as a Password Synchronization target or a Password Reset target from invoked from your MyPass Password Manager installation. All instructions take offset in the main screen of the SAP Client and it is expected that you are logged in as a SAP overall administrator.