Assigning SAP authorizations

Note

SAP authorizations must be assigned by your SAP Security Administrator.

Direct Link users require the following SAP access and authorizations in order to connect to your SAP system and extract data:

SAP user type

To connect to your SAP system, Direct Link users must have SAP accounts configured with either of the following SAP user types:

Direct Link does not work with SAP accounts configured with any of the following SAP user types:

Password update requirement

The password for the SAP Dialog user type must be updated on a regular basis, whereas the password for the Service user type does not have to be updated.

If you schedule Direct Link extracts and use a generic SAP account to connect, you should consider using the Service user type to avoid a connection failure because of an expired password.

SAP authorization objects

Direct Link users require the specific SAP authorizations listed below.

Note

Consult your SAP security documentation for detailed information about assigning SAP authorizations to users.

| Object class | Authorization object | Field | Values | Details |
|---|---|---|---|---|
| Cross-Application Authorization Objects | S_RFC (Authorization check for RFC access) | ACTVT | 16 (authorizes Execute) | Controls a user's ability to execute function modules on the SAP system from a remote location, such as a desktop computer. |
| | | RFC_NAME | /ACLDL/DLINK7, DDIF_FIELDINFO_GET, GET_SYSTEM_TIME_REMOTE, RFCPING, RFC_GET_FUNCTION_INTERFACE | |
| | | RFC_TYPE | FUGR, FUNC | |
| Basis: Administration | S_TABU_DIS (Table maintenance) | | Direct Link users should be assigned authorizations for those SAP tables they need to access in order to perform their analysis. For example, a user performing a General Ledger audit needs authorizations for the general ledger tables. Note: Your organization's own business processes dictate which users require table authorizations, and what authorizations they require. Work with your SAP Security Administrator to determine the appropriate level of access that your users require. | Controls a user's access to specific groups of SAP tables. To control user access at the individual table level, use the S_TABU_NAM authorization object. |
| | S_TABU_NAM (Table maintenance) | | | Controls a user's access to individual SAP tables. |
| | S_BTCH_JOB (Background processing: Operations on background jobs) | JOBACTION | RELE (authorizes Release) | Controls a user's ability to release jobs in background mode. Note: If you intend to use SAP load balancing servers for the processing of Direct Link background jobs, you must also enable the Batch message type on each server. The Batch message type should be enabled by default on the main SAP server where the Direct Link add-on is installed. |
| | | JOBGROUP | ' ' (a space between two single quotation marks) | |
| | S_DATASET (Authorization for File Access) | ACTVT | 06 (authorizes Delete), 33 (authorizes Read), 34 (authorizes Write) | Controls a user's ability to read, write, and delete files on the underlying operating system of the SAP system. Note: If stricter file security is required, the S_DATASET authorization object can be configured so that users are restricted to accessing only those files that are located in the Direct Link output folder. To perform this configuration, change the * value in the FILENAME field so that it is preceded by the path to the Direct Link output folder. For example: C:\Direct_Link_output\* |
| | | FILENAME | * | |
| | | PROGRAM | /ACLDL/DL7_DLINKBKGD, /ACLDL/SAPLDLINK7 | |
| | S_GUI (Authorization for GUI activities) | ACTVT | 61 (authorizes Export) | Controls a user's ability to download data from the SAP system to their desktop computer. |
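
The following is an added example, not part of the Direct Link documentation or product: a small Python check that compares the authorization values granted by a role with the values listed above and reports anything missing, extra, or replaced by a wildcard. The (object, field, value) row shape, the audit_role function, and the sample role are assumptions made for illustration; S_TABU_DIS and S_TABU_NAM are not checked because their values are site-specific, and value ranges are not handled.

```python
from collections import defaultdict

# Values this page lists for a Direct Link user, keyed by (object, field).
DOCUMENTED = {
    ("S_RFC", "ACTVT"): {"16"},
    ("S_RFC", "RFC_NAME"): {"/ACLDL/DLINK7", "DDIF_FIELDINFO_GET",
                            "GET_SYSTEM_TIME_REMOTE", "RFCPING",
                            "RFC_GET_FUNCTION_INTERFACE"},
    ("S_RFC", "RFC_TYPE"): {"FUGR", "FUNC"},
    ("S_BTCH_JOB", "JOBACTION"): {"RELE"},
    ("S_BTCH_JOB", "JOBGROUP"): {" "},
    ("S_DATASET", "ACTVT"): {"06", "33", "34"},
    ("S_DATASET", "PROGRAM"): {"/ACLDL/DL7_DLINKBKGD", "/ACLDL/SAPLDLINK7"},
    ("S_GUI", "ACTVT"): {"61"},
}

def audit_role(rows, output_dir=None):
    """Return sorted (finding, object, field, value) tuples for one role's rows."""
    granted = defaultdict(set)
    for obj, field, value in rows:
        granted[(obj, field)].add(value)
    findings = []
    for (obj, field), wanted in DOCUMENTED.items():
        have = granted.get((obj, field), set())
        if "*" in have:  # wildcard covers the listed values and everything else
            findings.append(("BROAD", obj, field, "*"))
            continue
        findings += [("MISSING", obj, field, v) for v in wanted - have]
        findings += [("EXTRA", obj, field, v) for v in have - wanted]
    names = granted.get(("S_DATASET", "FILENAME"), set())
    if not names:
        findings.append(("MISSING", "S_DATASET", "FILENAME", "*"))
    if output_dir:  # stricter option: FILENAME confined to the output folder
        findings += [("BROAD", "S_DATASET", "FILENAME", v)
                     for v in names if not v.startswith(output_dir)]
    return sorted(findings)

# Constructed sample role, not taken from a real system.
SAMPLE_ROLE = [
    ("S_RFC", "ACTVT", "16"), ("S_RFC", "RFC_NAME", "*"),
    ("S_RFC", "RFC_TYPE", "FUGR"), ("S_RFC", "RFC_TYPE", "FUNC"),
    ("S_BTCH_JOB", "JOBACTION", "RELE"), ("S_DATASET", "FILENAME", "*"),
    ("S_DATASET", "ACTVT", "33"), ("S_DATASET", "ACTVT", "34"),
    ("S_DATASET", "PROGRAM", "/ACLDL/DL7_DLINKBKGD"),
    ("S_DATASET", "PROGRAM", "/ACLDL/SAPLDLINK7"),
    ("S_GUI", "ACTVT", "61"), ("S_GUI", "ACTVT", "60"),
]

if __name__ == "__main__":
    print(*audit_role(SAMPLE_ROLE, "C:\\Direct_Link_output\\"), sep="\n")
```

Called without output_dir, the check accepts the * value in FILENAME; passing the output folder path applies the stricter file security option described in the S_DATASET note.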