Set up users and assign authorizations to your users in the ERP system. remQ includes authorization objects that can be used to define business roles:
Authorization Objects:
• ZREMDNJOBS_ ACTVT=16 (execute) is required to start transaction /REM/ADMIN and run remQ jobs
• ZREMDNREPO: Required to access alerts.
Available fields in ZREMDNREPO:
• SID
• Client: X=actual client where user is logged on (default)
• Company Code (BUKRS)
• REM_AREA
• REM_ID
• Plant
• Purchasing Org.
• Sales Org.
• Service Org.
• ACTVT: 03=read; 02=add comment; 16=execute (approve/reject)
Create roles: In addition to authorization object S_TCODE for remQ transaction codes, you need to maintain the following values:
1. Create a technical role for the user that runs remQ jobs:
a. Use authorization object ZREMDNJOBS with ACTVT=16.
b. Maintain authorization values.
c. Generate the profile.
2. Assign this technical role to the user that runs remQ jobs.
3. The user that schedules remQ jobs (in /REM/ADMIN) requires authorizations for creation and administration of background jobs. The SAP standard roles SAP_BC_ENDUSER and SAP_BC_BATCH_ADMIN can be used and assigned to this user. Note that remQ jobs can be run under a service user.
4. Create business roles:
a. Use authorization object ZRMDNREPO.
b. Maintain authorization values.
c. Generate the profile.
5. Assign the business roles to the users that access the alerts (in /REM/ALERTS and other transactions).
Note: when you maintain authorization values and do not use * in a field, add ´ ´ (a space in quotation marks) as a value in this field.
The remQ Add-On contains template roles that can be used for testing and to derive roles:
User type: Administrator (TCODES /REM/ADMIN, /REM/MCHNG)
Template role: /REM/ADMIN
This user type requires additional authorizations to schedule and execute jobs in the background, you can assign e.g.
SAP_BC_ENDUSER or (if you use REM_USER to assign the background jobs to a service user:) SAP_BC_BATCH_ADMIN
User type: User (/TCODES REM/ALERTS, /REM/KPIS)
Template role: /REM/USER
To execute mass approval/rejection/deletion of alerts in transaction /REM/MCHNG, both roles /REM/ADMIN and /REM/USER are required: /REM/ADMIN contains the S_TCODE value, and both remQ authorization objects (ZREMDNJOBS and ZREMDNREPO) are required.
User type: Auditor (TCODES /REM/AUDIT_ADMIN, /REM/AUDIT_ALERTS)
Template role: /REM/AUDITOR
and additional authorizations to schedule and execute jobs in the background, you can assign e.g
SAP_BC_ENDUSER, SAP_BC_BATCH_ADMIN
User type: Super-User
Composite role /REM/REM_ALL contains all three single roles.
