In recent years, some Basis Technologies customers have highlighted that the ActiveControl RFC users required more authorisations than was actually required.
As part of ActiveControl 9.10, a lot of validation has been done to confirm that some of these authorisations can be safely removed from the ActiveControl roles, to address some of the concerns that customers have been raising to us:
|Description of the Change.
|Link to online Change Note
|Removal of SAP_BC_TRANSPORT_ADMINISTRATOR as a requirement as part of AC RFC roles
|Historically, Basis Technologies’ recommended to include SAP_BC_TRANSPORT_ADMINISTRATOR as part of AC_RFC users. This is no longer required, as the other roles include the necessary authorisations.
|Removal of auth object S_CLNT_IMP from /BTI/TE:CTS_RFC
|Authorisation object S_CLNT_IMP was removed from role /BTI/TE:CTS_RFC as it is not required whilst doing a client copy via RFC from ActiveControl
|Removal of S_DEVELOP and S_TABU_DIS from /BTI/TE:CTS_USER
|Authorisation objects were removed from role /BTI/TE:CTS_RFC
|Remove S_BTCH_ADM from RFC roles
|S_BTCH_ADM has been removed from all ActiveControl roles
|Reduced privileges within /BTI/TE:CTS_ADMIN_USER and /BTI/TE:CTS_USER roles
|Remove of excessive privileges to authorisation activities as part of these roles.
|AGR_TCODES table clean up
|Legacy Y namespace items removed from table AGR_TCODES, and legacy YBTSL transaction code also been removed from the standard ActiveControl roles.
|Removal of CHGSTATUS
|Legacy activity CHGSTATUS has been removed from table /BTI/TE_AUTH_ACT.
As of ActiveControl 9.10 the following is required to be assigned to the AC_RFC user:
|Remote Satellite systems (all clients)