Overview

The example detailed in this appendix was performed on SAS 6.0. In this example, the system administrator creates a new authorization, uses it in a profile, and defines a user account that uses the profile. (In addition, the user account is designated as a system account, which prevents interactive logons.) Here is the sequence of events:
  1. Create the authorization SASCPIC.
  2. Specify the program that SASCPIC is allowed to execute. Using the SAP authorization administration, enter the program name /SAS/SAPLADITM with the function group /SAS/ADITM.
  3. Specify that only activities 37 and 51 are allowed.
  4. Save your settings. Activate SASCPIC.
  5. Create a new profile named ITRM using the SASCPIC authorization. (The profile uses other more standard authorizations as well, such as those that allow CPIC and RFCs to run.)
  6. Associate the new ITRM profile with the SAP user ID and account that performs data extractions.
By completing these steps, the account can be used only for extracting performance data. Functions in the /SAS/ADITM function group are the only functions that can be used to return data. Any attempt to extract tables or metadata results in an error that indicates a lack of permission. Create an Authorization
To create an authorization, complete the following steps:
  1. In the SAP Easy Access window, under Authorizations and Profiles (Manual Maintenance), double-click Edit Authorizations Manually.
    SAP Easy Access Window
    SAP Easy Access Window
    Maintain Authorizations: Object Classes Window
    Object Classes Window
  2. Double-click BC_A Basis: Administration.
    Object List Window
    Object List Window
  3. In the Object column, double-click S_CPIC CPIC Calls from ABAP Programs.
    Authorization List Window
    Authorization List Window
  4. Click Authorizationthen selectCreate.
    Create New Authorization Dialog Box
    Create New Authorization Dialog Box
  5. In the Text field, enter a description for this authorization. Click Check button.
    Authorization List Window
    Authorization List Window
  6. Double-click ABAP program name with search help.
    Field Values Dialog Box
    Field Values Dialog Box
  7. To restrict permission for S_CPIC so that it can execute only the /SAS/SAPLADITM program, complete the following steps:
    1. In the From column, type /SAS/SAPLADITM(where /SAS/ADITM is the function group).
      Note: There is no value for this entry in the To column.
    2. Click the diskette icon to save your changes.
      Here is an example of the system-generated code associated with the /SAS/ADITM function group:
      *******************************************************************
* System-defined Include-files. *
**************************************************************
INCLUDE LZSASXTOP.  Global Data
INCLUDE LZSASXUXX.  Function Modules
*******************************************************************
* User-defined Include-files (if necessary). *
*******************************************************************
* INCLUDE LZSASXF...  Subprograms
* INCLUDE LZSASXO...  PBO-Modules
* INCLUDE LZSASXI...
Permission is restricted so that only the function module
/SAS/SAPWL_STATREC_READ_FILE can be executed.
  8. In the Authorization List window, select Activity and then click Enter Values.
    Authorization List Window
    Authorization List Window
    Define Values Dialog Box
    Define Values Dialog Box
  9. Select the check boxes for activities 37 and 51. Click the diskette icon to save the changes.
  10. In the Maintain Authorization window, click Authorizationthen selectActivate. This activates the newly created authorization.
    Authorization List Window
    Authorization List Window
Copyright © SAS Institute Inc. All rights reserved.