Description
If you have issues with recording and running Transaction, you may want to run an Authorization Check to see if they are caused by the absence of authorization objects.
To run this check, click Tools then Authorization Check. The Authorization Check Result dialog box will appear with the authorization object you are and are not authorized to use. If any state that User is not Authorized, please take a screen shot and, along with this article, work with your SAP Security team to correct
Winshuttle Transaction fully protects SAP® security features. In no circumstances can Transaction override SAP authorization restrictions to which you are bound. This document can help you and your security team to understand the SAP authorizations required to work with Transaction. In most cases, these SAP authorizations are already in place. However, if you have tried Transaction but can not use it or if you are seeing error messages then this document will help you address the issue.
SAP Customers running SAP with Support Pack stack 24 or higher will need to implement the custom Winshuttle Function Module for Non-Batch recording modes to work.
Applies to
Function Module 10.X
Solution
Transaction Authorization via SAP GUI
Winshuttle Transaction cannot run a transaction if you cannot run that transaction in the SAP GUI. If you do not have access to a particular transaction, please obtain authorization for it before you record or run that transaction in Transaction.
Remote Function Calls (RFC) Authorization
Transaction makes RFC calls to SAP. You must have this additional access assigned to you. In most cases, these authorizations are already assigned to you. The following objects with the indicated values should be in your SAP user profile for working with Transaction.
For the S_RFC Authorization Object
| Field RGC_TYPE | Value FUGR (function group) |
| Field ACTVT | Value 16 (execute) or * |
| Field RFC_NAME |
The following values are required:
10.5 Function Module
/WINSHTL/* - If installing 10.5 Function Module
If you prefer to use discrete values for 10.5 FM, please use the following:
| /WINSHTLE/CALL_TRANS | Program for Execution of RFCs CALL Trans |
| /WINSHTL/TRC_FUGR_REC | Winshuttle Tx record function group |
| /WINSHTL/TRN_FUGR_RUN | Winshuttle Tx run function group |
| /WINSHTL/TRN_FUGR_SVTX | Function Group to Save Text |
| /WINSHTL/TRN_FUGR_USRFR | Function Group to get the date format |
| /WINSHTL/TRN_TX_F4_106 | F4 help for data element field |
| /WINSHTL/TRN_TX_TRACE_EXTR | Extract Transaction Trace |
10.6 Function Module
/WINSHTLQ/* - If installing 10.6 Function Module or higher
If you prefer to use discrete values for 10.6 FM, please use the following:
| /WINSHTLQ/CALL_TRANS | Program for Execution of RFCs CALL Trans |
| /WINSHTLQ/QREVERFUGR | To get WFM version |
| /WINSHTLQ/TRCTAB | Func Grp for Transaction rule maintenance screen |
| /WINSHTLQ/TRC_BW | Func Grp for Transaction Black White Access maintenance screen |
| /WINSHTLQ/TRC_FUGR_REC | Winshuttle Tx record function group |
| /WINSHTLQ/TRN_FUGR_RUN | Winshuttle Tx run function group |
| /WINSHTLQ/TRN_FUGR_SVTXT | Function Group to Save Text |
| /WINSHTLQ/TRN_FUGR_USRFR | Function Group to get the date format |
| /WINSHTLQ/TRN_TX_F4_106 | F4 help for data element for field |
| /WINSHTLQ/TRN__TX_TRACE_EXT | Extract Transaction Trace |
The following values are required for running shuttle files: SYST, SRFC, SUSR, RFC1, RFCH, SBDC, ATSV, STTF, SDTX
The following additional values are required for recording shutle files: SBDR, SCAT, STTM, SDTX
To check if a user is authorized to use a given RFM, Transaction validates if the user has EXECUTE(16) permission on the Function Group. Accordingly, when a given Functio Module executes, it access the structures defined in the Funciton Group. Therefore, authorization for the Function Group is required.
The Authority_Check rFM validates whether the user is authorized to use the Function Module of a given Function Group.
Table Level Authorizations
Transaction can get logs, extended comments, field descriptions, and messages during debug process. For this, the user must have access to few tables. Table level access is controlled by authorization object S_TABU_DIS. Transaction needs access to these tables: T100, TFDIR, DD03L, DD04L, TSTCT, D020T, and DD03M. To enable this access, please setup the following authorization:
Authorization Object: S_TABU_DIS Field Authorization Group (DICBERCLS) = SS, &NC& Field Activity (ACTVT) = 03 (Display only)
GUI Scripting Authorizations
In addition to RFC calls, Transaction also provides access to the SAP system using the SAP GUI Scripting mode. To check whether GUI scripting is enabled, look on the right-end of the SAP GUI status bar.
If you see the barber-pole icon on your status bar, GUI Scripting is enabled.
If you do not see the icon, ask your security team to use the RZ11 transaction to enable GUI Scripting. See this article for further information: Validating SAP GUI Scripting is Enabled
SAP Authorizations Table
Comments
0 comments
Please sign in to leave a comment.