Critical Basis Object : S_ADMI_FCD

Definition

This authorization object checks access to several Basis functions, for
example, spool administration and monitoring.

Defined fields

The object defines one authorization field, System administration
functions. The possible values for this field are:

System administration

o NADM: Network administration (SM54, SM55, SM58, SM59, SMT1, SMT2,
SMQ1, SMQ2, SMQ3, SMQA, SMQR)

o PADM: Process administration (SM50, SM51, SM04); intercept
background job (debugging function in background job administration,
Transaction SM37)

o SM02: Authorization to create, change, and delete system messages

o UADM: Update administration (SM13)

o T000: Create new client

o TLCK: Lock/unlock transaction

o MEMO: Set SAP memory management quota using report RSMEMORY

o COLA: Administration of OLE automation servers and controls

o F4MX: Activate/deactivate ActiveX search help support
throughout the system

o TOUC: Execute report TOUCHALL

o QDEL: Execute report RSTRFCQDS or RSTRFCIDS to delete a queue in
SMQ1 or in SMQ2 in accordance with selection criteria

Spool Administration

Authorization for spool administration is controlled in two groups of
authorization values. You need authorizations from both groups to
execute spool administration.

These groups are:

o Client authorizations

- SPAD: Authorization for spool administration in all clients

- SPAR: Authorization for client-dependent spool administration
The functions of these values are the same, as the spool
administration objects are client-independent. We recommend you only
enter the value SPAD.
Without a functional authorization, the SPAD user cannot execute any
spool administration functions.

o Functional authorization:

- SPAA: Authorization to define output devices

- SPAB: Authorization to define physical or logical Output
Management Systems (OMS) in spool administration

- SPAC: Authorization to maintain device types and associated
objects (formatting, character sets, and so on)

- SPAM: Authorization to administer spool requests in external
clients (request client is not the administrator's client).
Authorization values SPAD and SP01 are also required (see below,
Administration of Spool Requests in the Spool Output
Controller).

SAPscript Font Maintenance

o FONT: Authorization to maintain SAPscript font data

TemSe Administration

The TemSe database stores spool request data, background processing job
logs and other data that only needs to be kept in the system for a short
period of time. These authorizations grant access to the TemSe
administration functions, such as consistency checks and reorganization.

- SPTD: Authorization for TemSe administration in all clients

- SPTR: Authorization for client-specific TemSe administration

Administration of Spool Requests in the Spool Output Controller

Authorization to administer spool requests is controlled using two
groups of authorization objects or authorization values. The
authorizations required depend on whether the administrator needs to
access spool requests from external clients (request client is not the
administrator's client).

These authorizations are:

- SP01: Authorization for administration of spool requests in the
spool output controller (all users and clients)

- SP0R: Authorization for administration of spool requests (all
users) in the spool output controller. Access is limited to
spool requests in the current client of the user.

For SP01:

- To access spool requests in your own client (apart from your own
unprotected requests), you need an additional authorization for
object S_SPO_ACT (Spool: Activity).

- To access spool requests in external clients, users with the
authorization for SP01 are automatically authorized to list
spool requests and to display their attributes.
Administrators with values SPAD and SPAM (see above), have
unlimited authorization for external client spool requests.

For SP0R: To access spool requests (apart from your own unprotected
requests), you need an additional authorization for object S_SPO_ACT
(Spool: Actions).

Monitoring:

o ST0M: Authorization to change trace switches

o ST0R: Authorization to analyze traces

o SM21: Authorization to analyze system logs



liveCache Administration:

o LC01: liveCache Administration authorization (display functions)

o LC02: liveCache Administration authorization (start, stop)

o LC03: liveCache Administration authorization (integration,
configuration)

o LC04: liveCache Administration authorization (initialization)



Other:

o AUDA: Basis audit administration

o AUDD: Basis audit display authorization

o BTCH: Test environment, batch

o UNIX: Execute UNIX commands from the SAP System using program
SAPMSOS0

o RSET: Reset/delete data without archiving

o SYNC: Reset buffers (buffer synch. with $sync, $tab...)

o UBUF: Execute report RSUSR405 - Reset all user buffers

o X25 : Open X.25 connection to SAP System(using report SAPSERVER)

o TRNL: Translation administration (Transaction SLW2)

o TCTR: Table control settings throughout the system

o CONV: Conversion according to release

o SCP1: Set character sets, languages, character conversions

o SCP2: Database character conversion

Example


You can use the following values to assign to a user the authorizations
for administration of the spool output controller. The user can execute
all operations of the spool output controller.

Field Value
System administration SPAD, SPAM, SP01
functions

Additional authorization for S_SPO_ACT (Spool: Actions):

Field Value
Authorization field *
for spool activity

Value for *
Authorization check

Additional authorization for S_SPO_DEV (Spool: Device authorization)

Field Value
Spool: Output device *