SAP Preparation
      Back to home
      1. Knowledge Base
      2. Onboarding
      3. SAP Preparation

      SAP User Role Access Rights for zapAudit and zapCash

      Overview of the necessary authorizations to enable Remote Function Call (RFC) access to your SAP System

      To utilize zapAudit or zapCash seamlessly, specific SAP user role access rights are essential. This guide provides a comprehensive overview of the necessary authorizations to enable Remote Function Call (RFC) access to your SAP System. The SAP user requires full BBP_RFC_READ_TABLE access authorizations for optimal functionality.

      You can also use a system user (USTYP B in USR02) instead of a dialog user (USTYP A in USR02).

      rfc_access_rights

      Mandatory Access Rights

        1. S_RFC Authorization Object: 
          1. Activity (ACTVT):
            1. Execute (16)
          2. Name of RFC-Objekts (RFC_NAME):
            1. BBP_RFC_READ_TABLE
            2. DDIF_FIELDINFO_GET
            3. RFCPING
            4. RFC_GET_FUNCTION_INTERFACE
            5. RFC_READ_TABLE
            6. STFC_CONNECTION
          1. Type of RFC-Objects (RFC_TYPE):
            1. Function Module (FUNC)
        2. S_TABU_NAM Authorization Object:
          1. Activity (ACTVT):
            1. Display (03)
          2. Table Name (TABLE): *

      If “*” cannot be assigned to the authorization object “S_TABU_NAM,” the individual tables can also be specified from the data scope.

      Additional Table Authorizations

      For manual containment of SAP tables, enter the following tables in the "Table Name (TABLE)" field:

      DD17S, T000, T001, T009, T009B, T001K, DD07T, NRIV, T001L, T001W, T003, T003T, T005, T005T, T007S, T008, T008T, T011, T011T, T014, T023T, T030K, T030W, T041C, T041CT, T043, T052, T052U, T074T, T077S, T077Z, T093, T093C, T093T, T100, T134T, T156, T156T, T159L, T161, T161T, T163, T173, T173T, T685, T685T, T880, TABW, TABWT, TBSL, TBSLT, TCURC, TCURT, TCURX, TCURF, TCURP, TCURR, TCURV, TPFID, TSTCT, TTYP, TVAK, TVAKT, TVFS, TVFST, TVLK, TVLKT, BKPF, REGUV, BSEG, BSET, FAGL_011FC, FAGL_011PC, FAGL_011QT, FAGL_011SC, FAGL_011TC, FAGL_011VC, FAGL_011ZC, REGUH, REGUP, SKA1, SKAT, SKB1, EKKO, EKPO, EBAN, EKBE, TVKO, VBAK, VBRK, LIKP, LIPS, VBAP, VBRP, VBFA, USR02, USR40, UST04, ANEP, ANLA, ANLB, ANLBZA, ANLC, ANLH, ANLZ, ANKA, ANKT, MARA, MKPF, MSEG, MAKT, MBEW, TDG41, KNB1, LFB1, KNA1, KNBK, LFA1, LFBK, KNKK, CDPOS, CDHDR,TCDOB, TCDOBT,  TIBAN, KNAS, SRGBTBREL, TOA01, TOA02, TOA03, CVERS, CVERS_ACT, BUT000, CVI_CUST_LINK, DD02T, DD03L, DD04T, TKA02, UKMBP_CMS_SGM, LFAS, TOASP, BSEC

      Setting Up User Role in SAP

      1. Use transaction SU01.
      2. Select the SAP user to edit.
      3. Navigate to the 'Roles' tab.
      4. Activate 'Edit' mode (Shift + F7) and select 'Change Role' or double-click the role.
      5. Go to the 'Authorizations' tab.
      6. Click 'Change Authorization Data,' possibly pressing Shift + F7 to activate editing.
      7. Edit function objects as required

      Additional Information:

        • If S_TABU_NAM is unavailable, use S_TABU_DIS with activity 'Display' and '*' for the table authorization group.
        • If FUNC is unavailable, use the function group (FUGR) with the following objects:
          • BBPB for BBP_RFC_READ_TABLE
          • RFC1 for RFC_GET_FUNCTION_INTERFACE
          • SYST for RFCPING
          • SDIFRUNTIME for DDIF_FIELDINFO_GET
          • SDTX for RFC_READ_TABLE

      Note:

      • If 'Single Sign-On' with 'Active Directory' is activated, the user must still be able to log on to SAP with a password.