Skip to Content
avatar image
Former Member

Content Management > authorization role or authorisation objects

Dear Security specialists,

We are implementing SAP CRM and are using content Management.

Referring to OSS notes 685521 and 606745 we defined a External Alias via SICF transaction code for the service /default_host/sap/bc/contentserver.

The external alias is called /SAP/BC/contentserver

I can create a service or communication user for this purpose but would like to find out what authorisations I should assign this user.


I log on with my own user in the CRM2007 system and search for a quotation containing several attachments (pfd or word). To open it the service /default_host/sap/bc/contentserver is normally called and the user in this service should have authorisation to open this particular attachment.

I tried to find back the authorisation objects using a TRACE (ST01) the following way:

I assigned a dummy user having sap_all to this External alias and next logged on with my own user in the CRM WEBUI. Before I set a trace on for the dummy user defined in the external alias.

When I search and open the quotation I would expect that something would be found in my trace for the dummy user , but nothing appears in the trace results. On SDN and SAPHelp I also could not find back any particular authorisatin role you normally would assign to such a user.

thanks for your input

Davy Pelssers

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Feb 09, 2009 at 10:29 AM


    You can use the transaction SU24 to find out the audthorizations objects. But in your scenario I would create new role/profile with the transactions which you mentioned instead of SAP_ALL.

    Hope this helps.

    Manoj Chintawar

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thanks for 'trying' to give an answer, but If you would have read the complete question I am sure you would agree that SU24 is useless in my case.

      I know SU24 well and it is usefull when evaluating Authorisation objects used in tcodes or external services.

      However, in this case I am particularly trying to find out what authorisation objects and values are necessary for this Communication user in order to access documents stored on the Content Server.

      There is not an existing transaction code for this purpose and therefore I tried using the TRACE, which did not render any results.



  • avatar image
    Former Member
    Feb 09, 2009 at 10:38 AM


    Edited by: Julius Bussche on Feb 9, 2009 12:11 PM

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 10, 2009 at 02:09 AM

    Ok If I understand this correctly ...the logon Id had SAP_ALL and that heped you to complete this functionality....ST01 has not been much of lets remove the SAP_ALL from this Id and then see what error does it give ...and let us know ....from it we will try to add the auth objects one by one. I assume S_RFC would be must with activity - 16, RFC type FUGR, lets keep RFC_NAME as * for a moment...and let us see

    Also go through the SAP NOTE 460089.

    Edited by: Nishant Sourabh on Feb 10, 2009 3:52 AM

    Add comment
    10|10000 characters needed characters exceeded