Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S_RZL_ADM object

Go to solution
Former Member

‎05-10-2008 7:15 PM

0 Kudos

Hi all,

Recently i created a role for an interface program. This program simply download inf about cost centers of a company to a text file (which is then used to upload inf to another system).

The output of this report is:

CS code

CS text

Start date

end date

The role worked almost perfectly, the only thing was that not all needed inf was transferred to the file. From the transaction SU53 i found out that i need an authorization for S_RZL_ADM with activity ='01'.

I added this authorization and everything works fine. But the question is why do i need this object??

Because i think it is strange that SAP asks for this object with this value(01: All Management System functions including starting and stopping instances, setting up and changing operation modes, checking system status, etc.)

in order to extract mentioned above data into a text file.

Any idea?

1 ACCEPTED SOLUTION

Go to solution
former_member1061482
Participant

‎05-11-2008 3:42 AM

0 Kudos

Hi,

Auth object S_RZL_ADM with the value 01 is used for maintaining external system commands.

As per my understanding, when you upload the info to other system, you would be giving some inputs to the command which you were not authorized to earlier (when you didn't have S_RZL_ADM).

If I am not wrong, then you should be having access to S_LOG_COM also in your user master record, which is necessary for executing external commands.

6 REPLIES 6

Go to solution
former_member1061482
Participant

‎05-11-2008 3:42 AM

0 Kudos

Hi,

Auth object S_RZL_ADM with the value 01 is used for maintaining external system commands.

As per my understanding, when you upload the info to other system, you would be giving some inputs to the command which you were not authorized to earlier (when you didn't have S_RZL_ADM).

If I am not wrong, then you should be having access to S_LOG_COM also in your user master record, which is necessary for executing external commands.

Go to solution
Former Member
In response to former_member1061482

‎05-11-2008 7:57 AM

0 Kudos

Actually yes, i also needed the S_LOG_COM object with value ZMV in the command field.

One more question, now as i described we are using a text files as an interface to another system.

But eventually there will be some kind of a direct interface from SAP to some data warehouse.

What authorization object will be needed in addition? Is it C_PDC?

In other words - what authorization object is usually checked when SAP comunicates directly with other systems?

Thanks,

I'll give you points anyway.

Go to solution
Former Member
In response to former_member1061482

‎05-11-2008 9:26 PM

0 Kudos

Hi Stanislaw,

It sounds like S_RZL_ADM is called due to something coded by your ABAP team. It is unusual for this to be invoked so I suggest that you sit with them and get them to set a breakpoint on AUTHORITY-CHECK statements to see where & why this is required. It may be necessary to recode the report. S_LOG_COM is common but S_RZL_ADM is not, especially if it is just downloading data. That auth object is also not one which you will be wanting end users to have access to either.

To answer your second questions, when SAP communicates with other systems it often does so via RFC's (Remote Function Calls) - there are others, but this is very common. An RFC executes code on the target server. Auth object S_RFC controls access to this and any user will need the corresponding S_RFC function group authorisation (depending on what it does etc) + any further auths as a dialog user typically would. There is no way to tell exactly what is needed as it will depend on what the developers do (and one of the system parameters).

Edited by: Alex Ayers on May 11, 2008 9:27 PM

Go to solution
former_member1061482
Participant
In response to former_member1061482

‎05-12-2008 3:49 AM

0 Kudos

I don't have any hands on working experience with PDC interface, so can't comment much on that.. although C_PDC is checked for communication with external systems.

As rightly pointed by Alex, S_RZL_ADM is usually not given. And yes, if the interface being used is of RFC, then the auth object to be checked in the source system is S_ICF. In the destination system, S_RFC, if the RFC is of type untrusted ;

S_RFC and S_RFCACL , if the RFC is trusted one.

Go to solution
Former Member
In response to former_member1061482

‎05-12-2008 7:24 AM

0 Kudos

Thanks for all your answers!!

I agree that it is unusual that i needed S_RZL_ADM object. I will try to investigate it with our abapers.

But i'm just wondering, is it possible that in fact i needed some other object (not necessarily S_RZL_ADM) and SAP asks for S_RZL_ADM (in su53) as it also give me authorization to complete the task? And if i had this other object sap would never try to check the S_RZL_ADM ?

I hope you understand what i mean..

Anyway thanks!

Go to solution
Former Member
In response to former_member1061482

‎05-12-2008 7:43 AM

0 Kudos

That scenario is possible, the only way to check would be to do an auth trace (ST01) to check everything required & then to test it without S_RZL_ADM