What SAP User Role Access Rights do I need?

All SAP role authorizations you need to use zap Audit at a glance.

The SAP user intended for using zap Audit needs certain SAP access rights. These access rights must allow you to access your SAP System via Remote Function Call (RFC). You need an SAP user with full RFC_READ_TABLE access authorizations.

You can also use a system user (USTYP B in USR02) instead of a dialog user (USTYP A in USR02).

rfc_access_rights

The following access rights should at least exist:

S_RFC

  • Activity (ACTVT): Execute (16)
  • Name of RFC object (RFC_NAME): BBP_RFC_READ_TABLE, DDIF_FIELDINFO_GET, RFCPING, RFC_GET_FUNCTION_INTERFACE, RFC_READ_TABLE
  • Type of RFC object (RFC_TYPE): Function Module (FUNC)

S_TABU_NAM

  • Activity (ACTVT): Display (03)
  • Table Name (TABLE): *

The field "Table Name (TABLE)" of the object S_TABU_NAM should be set to *, as zap Audit is continuously developed and improved.

A specific listing of the required tables can be downloaded while zap Audit project preparation.

How to set up the user role in SAP?

  1. Use transaction SU01.
  2. Select an SAP-User to edit.
  3. Go to the tab 'Roles'.
  4. Activate the 'Edit' mode (Shift + F7) and select 'change role' or double click the role.
  5. Go to the tab 'Authorizations'.
  6. Click 'Change Authorization Data'. Maybe you also have to Shift + F7 to activate editing.
  7. There you can click and edit the function objects.

S_TABU_NAM is not available

If your SAP system does not provide S_TABU_NAM, you can use S_TABU_DIS with activity 'display' and * for the table authorization group.

Do you intend to use the same user for zap Audit as your normal SAP user?

Please note that if Single-Sign-On with active directory is activated, it must still be possible for your user to log on to SAP with a password.