User Privilegs using EasyCloud SAP Module

Intro

You want to use EasyCloud SAP Module and need more information what kind of privileges a user must have.

Solution

EasyCloud use SAP RFC technology while connecting to a system. During the intial connection you specify an username and a password or SNC.

This user must exist in the SAP system you connect to. User type have to be  “System” or “Dialog”.

Any CMDlet of EasyCloud SAP Module you use will interact with the SAP system with this user. Therefore the user need the specific Roles and Profiles in the SAP system to fullfill the request operation.

Example: You want to change the email address of User “Greg” in SAP System. Therefore you connect to this SAP system using the User “MyAdminUser”.

EasyCloud connects to SAP with User “MyAdminUser”. This user must have assigned the SAP authorization object “S_USER_GRP”.

FAQ:

Q: Can we use SAP User Authorization trace to check for missing Authorization?

A: Yes. You can use su53 and check for missing Authorizations

Q: Can we trace the users activities in the system?

A: Yes. We use standard SAP user, so you can use any available solution for tracing user activities inside SAP.

Q: What is if the user is locked in SAP?

A: EasyCloud cannot connect to a SAP System if the user is locked.

Q: What is the recommendation for User?

A: connmove recommends to create a specific EasyCloud User in SAP and setup a specific Profile / Role concept for this user.

Q: The connection is done via username / password. Is this secure?

A: No. connmove recommends to use SNC, while this is the most secure way to connect to SAP System. Use SNC SSO option if possible. If you cannot use SNC please note that any communication to the SAP system will not be encrypted as it is when SAPGUI to SAP system connection is not secured over SNC. If you don’t want to encrypt this communication connmove recommend to use the EasyCloud PW store.