The example detailed
in this appendix was performed on SAS 6.0. In this example, the system
administrator creates a new authorization, uses it in a profile, and
defines a user account that uses the profile. (In addition, the user
account is designated as a system account, which prevents interactive
logons.) Here is the sequence of events:
-
Create the authorization
SASCPIC.
-
Specify the program
that SASCPIC is allowed to execute. Using the SAP authorization administration,
enter the program name /
SAS/SAPLADITM with the function group /
SAS/ADITM.
-
Specify that only activities
37 and 51 are allowed.
-
Save your settings.
Activate SASCPIC.
-
Create a new profile
named ITRM using the SASCPIC authorization. (The profile uses other
more standard authorizations as well, such as those that allow CPIC
and RFCs to run.)
-
Associate the new ITRM
profile with the SAP user ID and account that performs data extractions.
By completing these
steps, the account can be used only for extracting performance data.
Functions in the /
SAS/ADITM function group are the only functions
that can be used to return data. Any attempt to extract tables or
metadata results in an error that indicates a lack of permission.
Create an Authorization
To create an authorization,
complete the following steps:
-
In the
SAP
Easy Access window, under
Authorizations
and Profiles (Manual Maintenance), double-click
Edit
Authorizations Manually.
Maintain Authorizations: Object Classes Window
-
Double-click
BC_A
Basis: Administration.
-
In the
Object column,
double-click
S_CPIC CPIC Calls from ABAP Programs.
Authorization List Window
-
Click
AuthorizationCreate.
Create New Authorization Dialog Box
-
In the
Text field,
enter a description for this authorization. Click
.
Authorization List Window
-
Double-click
ABAP program
name with search help.
-
To restrict permission
for S_CPIC so that it can execute only the
/SAS/SAPLADITM program,
complete the following steps:
-
In the
From column,
type
/SAS/SAPLADITM
(where
/SAS/ADITM
is
the function group).
Note: There is no value for this
entry in the To column.
-
Click the diskette icon
to save your changes.
Here is an example of
the system-generated code associated with the /
SAS/ADITM function
group:
*******************************************************************
* System-defined Include-files. *
**************************************************************
INCLUDE LZSASXTOP. Global Data
INCLUDE LZSASXUXX. Function Modules
*******************************************************************
* User-defined Include-files (if necessary). *
*******************************************************************
* INCLUDE LZSASXF... Subprograms
* INCLUDE LZSASXO... PBO-Modules
* INCLUDE LZSASXI...
Permission is restricted so that only the function module
/SAS/SAPWL_STATREC_READ_FILE can be executed.
-
In the
Authorization
List window, select
Activity and
then click
Enter Values.
Authorization List Window
-
Select the check boxes
for activities 37 and 51. Click the diskette icon to save the changes.
-
In the
Maintain
Authorization window, click
AuthorizationActivate. This activates the
newly created authorization.
Authorization List Window