Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S_BTCH_ADM and SM37 job copy question

Former Member

‎01-26-2009 3:00 PM

0 Kudos

Hello,

we currently have a requirement to allow some of our user to copy other users jobs. the catch is that we need to perform this action without using the S_BTCH_ADM = Y authorization.

so far we have tried to use a combination of S_BTCH_JOB and NAM with all activities turned on for JOB and a "*" on NAM with no success.

any one have any Ideas as to how to achieve this? your help is much appreciated.

Regards,

Joe

7 REPLIES 7

Former Member

‎01-26-2009 4:41 PM

0 Kudos

Which release level are you on?

Former Member

‎01-26-2009 7:22 PM

0 Kudos

i am on ECC 6.0 sp level 146.

Thanks for your reply!

Former Member
In response to Former Member

‎01-26-2009 7:44 PM

0 Kudos

My first guess would be, that the job being copied contains either a program with an authorization group on it which the user is not authorized for (object S_PROGRAM) or an external command (object S_LOG_COM) perhaps even.

In SM37, most checks relating to S_BTCH_JOB are followed by a PERFORM statement which checks for S_BTCH_ADM, which then overrides the S_BTCH_JOB authority. This is also used to determine the screen returned to when other checks fail while attempting other actions.

My advise would be to run an authorization trace (ST01) while attempting to copy the job, and check to see whether S_PROGRAM or S_LOG_COM turn up with a failed authority check, before the S_BTCH_ADM does. SU53 will not be helpfull in this case, and the S_BTCH_ADM check will still show up in the trace, even although the user has the correct access for the program or command being copied.

Try that.

Cheers,

Julius

Private_Member_119218
Active Participant
In response to Former Member

‎01-27-2009 6:19 AM

0 Kudos

It is also possible that the job contains external programs - this would be my first guess. Those are protected by 'S_RZL_ADM' object, I do believe.

(Or are "external programs" the same thing as "external commands" on ECC?)

Former Member
In response to Former Member

‎01-27-2009 6:42 AM

0 Kudos

Yes, that is also correct. I am not aware of any changes in ECC6 either.

At that point, the SAP system cannot yet know which command the external program is going to use, so it checks the authority as if a command was being created in SM69 - S_RZL_ADM actvt 01.

Cheers,

Julius

Former Member

‎01-27-2009 12:08 PM

0 Kudos

we currently have a requirement to allow some of our user to copy other users jobs. the catch is that we need to perform this action without using the S_BTCH_ADM = Y authorization.

I checked this and it is indeed the case. Copying, changing, debugging etc other users jobs checks whether the user is authorized for S_BTCH_ADM = 'Y'.

So this is considered a batch administrator task.

*---------------------------------------------------------------------*
*      FORM CHECK_OPERATION_PRIVILEGE                                 *
*---------------------------------------------------------------------*
* Diese Routine prüft, ob der Benutzer berechtigt ist, verändernde    *
* Operationen auf Jobs auszuführen. Berechtigung liegt vor, wenn:     *
*                                                                     *
*   - der entsprechende Job vom Benutzer selbst erzeugt worden ist    *
*     oder                                                            *
*   - wenn der Benutzer Batchadminstratorberechtigung hat             *
*                                                                     *
* Wenn die Berechtigung vorliegt, wird RC = 0 ansonsten RC ungleich   *
* 0 gesetzt.                                                          *
*                                                                     *
*---------------------------------------------------------------------*

FORM check_operation_privilege USING job_creator_name rc.

  IF job_creator_name NE sy-uname.
    PERFORM check_batch_admin_privilege.
    IF batch_admin_privilege_given EQ btc_no .
      rc = 1.
      EXIT.
    ENDIF.
  ENDIF.

  rc = 0.

ENDFORM.                               " CHECK_OPERATION_PRIVILEGE

Cheers,

Julius

Former Member

‎01-27-2009 12:40 PM

0 Kudos

Thank you all for you help! I think we are going to write a program to call the BP_JOB_COPY Function Module and in the copy remove the checks for S_BTCH_ADM. this should get us past this hurdle. we will have to figure out how to look up the job count # from the name from tbtco.

Thanks! for your help!