Journal Entry - Required SAP® Authorizations Winshuttle Journal Entry fully protects SAP® security features. In no circumstances can Journal Entry override SAP authorization restrictions you are bound to. This document can help you and your security team to understand the SAP authorizations required to work with Journal Entry . In most cases, these SAP authorizations are already in place. However, if you have tried Journal Entry but can not use it or if you are seeing error messages then this document will help you address the issue. SAP Customers running SAP with Support Pack stack 24 or higher will need to implement the custom Winshuttle Function Module for Journal Entry templates to work. Transaction Authorization via SAP GUI: Journal Entry cannot run a transaction if you cannot run that transaction in the SAP GUI. If you do not have access to a particular transaction, please obtain authorization for it before you run that transaction in Journal Entry. Remote Function Calls (RFC) Authorization: Journal Entry makes RFC calls to SAP. You must have this additional access assigned to you. In most cases, these authorizations are already assigned to you. The following objects with the indicated values should be in your SAP user profile for working with Journal Entry. For the S_RFC Authorization Object: • Field RFC_TYPE Value FUGR (function group) • Field ACTVT Value 16 (execute) or * • Field RFC_NAME The following values are required for running shuttle files: SYST, SRFC, SUSR, RFC1, RFCH, ATSV, STTF, SDTX, RHF4 To check if a user is authorized to use a given rFM, Journal Entry validates if the user has EXECUTE(16) permission on the Function Group. Accordingly, when a given Function Module executes, it accesses the structures defined in the Function group too, authorization for the Function Group is needed. The Authority_Check rFM validates whether the user is authorized to use the Function Module of a given Function Group. To attach documents to a journal entry posting, the following is required: - For the S_RFC authorization object, value BDS_BAPI is needed - Access to object S_BDS_DS is required with all values except lock and delete, for all class names and class types ©2013 Winshuttle, LLC. All rights reserved. 5/13 www.winshuttle.com Table Level Authorizations: Journal Entry can get logs, extended comments, field descriptions, and messages. For this, the user must have access to few tables. Table level access is controlled by authorization object S_TABU_DIS. Transaction needs access to these tables: T100 To enable this access, please setup the following authorization: Authorization Object: S_TABU_DIS Field Authorization Group (DICBERCLS) = SS, &NC& Field Activity (ACTVT) = 03 (Display only) Function Group Remote Function Module Instance Mode ATSV RFC_CALL_TRANSACTION Run Batch mode SUSR AUTHORITY_CHECK Run Description Run STTF CAT_TCD_CAL Run Non-Batch with controls Run Non-Batch without controls Run ALL RFC1 RFC_GET_STRUCTURE_DEFINITION Run Non-Batch RHF4 RHF4_RFC_FIELD_VALUE_REQUEST None None SYST Addin F4 Help Logon SRFC RFC_PING RFCH RFC_GET_UNICODE_STRUCTURE SDTX RFC_READ_TABLE Run All Table List Instance Mode T100 Run ALL except Gui scripting Run Bapi with Extented Log Journal Entry - Required SAP Authorizations Comments 2 Corporate Headquarters United Kingdom France India Bothell, WA Tel + 1 (800) 711-9798 Fax + 1 (425) 527-6666 www.winshuttle.com Maisons-Alfort, France Tel +33 (0) 148 937 171 Fax +33 (0) 143 683 768 www.winshuttle.fr Journal Entry - Required SAP Authorizations London, U.K. Tel +44 (0) 208 545 9500 Fax +44 (0) 208 711 2665 www.winshuttle.co.uk Germany Bremerhaven, Germany tel +49 (0) 471 140 840 fax +49 (0)471 140 849 www.winshuttle-software.de Research & Development Chandigarh, India Tel +91 (0) 172 633 9800 3