Required permissions
To use SAP OData as a source in a Qlik Replicate task, the following authorizations are required.
OData user authorizations
To use a single SAP Gateway framework or application services, the user role needs to have the corresponding authorizations. The proposals can be found in transaction SU22.
In the SAP Gateway hub system, the repository objects are R3TR IWSG and R3TR IWOM.
In the SAP Business Suite backend system, all authorizations are collected in the repository object R3TR IWSV.
In addition to the authorizations maintained in the SU22 proposal, the role needs to have the authorization object S_SERVICE assigned with the following specifications. This is a service allowing exploration of the framework or application services exposed by the SAP Gateway framework.
| Type of Application: | TADIR Service |
|---|---|
| Program ID: | R3TR |
| Object Type: | IWSG or IWSV |
| Object Name: | /IWFND/SG_MED_CATALOG |
For more information, see Roles in the SAP Gateway Landscape.
To add OData services to the role:
- Call transaction PFCG and create a single role.
- Assign the authorization defaults of SAP Gateway Business Suite Enablement - Service: as follows:
On the Menu tab, select Authorization Default from the Transaction menu.
A new window opens.
- From the Authorization Default drop-down list, select SAP Gateway: Service Groups Metadata (R3TR IWSG).
In TADIR Service, assign the following services required for catalog read:
/IWFND/SG_MED_CATALOG_0001
/IWFND/SG_MED_CATALOG_0002
Add the required OData service(s) metadata. Specify the service name with ‘*’ at the end to find the service with a version number. Click Copy.
From the Authorization Default drop-down list, select SAP Gateway Business Suite Enablement – Service (R3TR IWSV).
In TADIR Service, select and assign the required service(s). Specify the service name with ‘*’ at the end to find the service with a version number. Click Copy.
Verify the result.
Each service should now have two entries:
R3TR IWSG (for service metadata)
R3TR IWSV (for the service itself)
The catalog should include the following entries:
/IWFND/SG_MED_CATALOG_0001
/IWFND/SG_MED_CATALOG_0002
- Save the settings and then generate an authorization profile.
- Assign the role to the communication user for Replicate.
Data objects
| Authorization object | Field name | Value | Activity |
|---|---|---|---|
| S_RS_ADSO | RSINFOAREA | * | 23 |
| RSOADSONM | * | ||
| S_RS_COMP | RSINFOAREA | * | 23 |
| RSINFOCUBE | * | ||
| RSZCOMPTP | * | ||
| RSZCOMPID | * | ||
| S_RS_COMP1 | RSZCOMPID | * | 23 |
| RSZCOMPTP | * | ||
| RSZOWNER | * | ||
| S_RS_DS | RSDS | * | 23 |
| RSDSPART | * | ||
| RSLOGSYS | * | ||
| S_RS_HCPR | RSINFOAREA | * | 23 |
| RSHCPR | * | ||
| RSHCPROBJ | * | ||
| S_RS_HYBR | RSHYBRPROV | * | 23 |
| RSHYBROBJ | * | ||
| S_RS_ICUBE | RSINFOAREA | * | 23 |
| RSINFOCUBE | * | ||
| RSICUBEOBJ | * | ||
| S_RS_IOBJ | RSIOBJ | * | 23 |
| RSIOBJCAT | * | ||
| RSIOBJPART | * | ||
| S_RS_IOMAD | RSINFOAREA | * | 23 |
| RSAPPLNM | * | ||
| RSIOBJNM | * | ||
| S_RS_ISET | RSINFOAREA | * | 23 |
| RSINFOSET | * | ||
| RSISETOBJ | * | ||
| S_RS_MPRO | RSINFOAREA | * | 23 |
| RSMPRO | * | ||
| RSMPROOBJ | * | ||
| S_RS_ODSO | RSINFOAREA | * | 23 |
| RSODSOBJ | * | ||
| RSODSPART | * | ||
| S_RS_ODP_H | RSODPHNAME | * | 23 |
| RSODPHPKG | * | ||
| S_RS_ODSV | RSFBPNAME | * | 23 |
| RSFBPOBJ | * | ||
| RSINFOAREA | * | ||
| S_RO_OSOA | OLTPSOURCE | * | 23 |
| OSOAAPCO | * | ||
| OSOAPART | * |
Other
| Authorization object | Field name | Value | Activity |
|---|---|---|---|
| S_ADMI_FCD | S_ADMI_FCD | PADM, ST22 | |
| S_ADT_RES | URI | /sap/bc/adt/* | |
| S_DEVELOP | OBJTYPE | DEBUG, ST22 | 03 |
| S_TCODE | TCD | ST22 | |
| S_BTCH_ADM | BTCADMIN | Y | |
| S_BTCH_JOB | JOBACTION | RELE | |
| JOBGROUP | * | ||
| S_BTCH_NAM | BTCUNAME | BWREMOTE | |
| S_DMIS (Only required when replicating from an SLT Replication Server) | MBT_PR_ARE | SLOP | 03 |
| MBT_PR_LEV | PACKAGE |