In this section you can find out about the alternatives available for maintaining authorizations for ALE Administration and Development.

• Predefined authorization profile

  You will find out which GL:authorization profile>authorization profiles are required for ALE and which authorization objects are contained within different task areas.
  The SAP standard system contains the predefined profiles for the individual ALE functions. You can maintain authorizations usingroles and you can create a new profile using profile generators.

For more information see Profiles and Authorization Objects for ALE further below.

• The SAP standard system contains the following roles:
• SAP_BC_MID_ALE_ADMIN for ALE administrators
• SAP_BC_MID_ALE_DEVELOPER for ALE developers

The steps involved in role maintenance are described below.

Further details can be found in Information and in the transaction procedure.

Activities

1. Execute the transaction.
2. Create a role.
3. In the tab Authorizations select Change authorization data.
4. If you want to use the predefined profile, on screen
5. Change Role: Authorizations place the cursor on the role and select Edit -> Add authorization -> From profile......
6. Select the following profiles in turn and add them to the role:
• B_ALE_ALL
• S_IDOC_ALL
• S_TRANSPRT
The object classes, authorizations objects, authorizations, fields and field contents of the profiles selected are displayed in a tree structure.
7. Edit change the field contents, if other values are required.
8. Save the tree structure.
9. Assign a profile name to the profile to be generated.
10. Choose Authorizations -> Generate to generate the profile.
11. Activate the profile.
12. Assign the profile to a user.

Further notes

Consider also the authorizations in Basis and in other applications. For information see the short introduction to the transaction.

Notes on the Transport

Take note of step 6 in the short introduction to the transaction.

Profiles and Authorizations Objects for ALE

The following profiles are provided for ALE functions:

• B_ALE_ALL
• S_IDOC_ALL
• S_TRANSPRT

The following list shows for each of these profiles which authorization objects from which object classes are checked for each function.

The field contents in these authorization objects is checked by the SAP System as part of the authorization check. If the content does not match the authorization object for the user, the user is not authorized to edit the object.

Profile B_ALE_ALL

In the Basis - Administration object class:

Customizing:

    S_TABU_DIS    Table maintenance (using standard tools)

In the Basis - Develoment environment object class:

    S_PROGRAM    ABAP: program run checks

In the object class Cross-application authorization objects" :

Inbound IDocs:

    B_ALE_RECV    ALE/EDI: inbound IDocs via RFC

Logical Systems:

    B_ALE_LSYS    ALE/EDI: Maintenance of logical systems

Distribution model:

    B_ALE_MODL    ALE/EDI: Maintenance of the distribution model

Reduction:

    B_ALE_REDU    ALE/EDI: Message generation

Master data:

    B_ALE_MAST    ALE/EDI: Master data distribution

Profile S_IDOC_ALL

In the Basis - Central functions object class

Monitoring:

    S_IDOCMONI    WFEDI: Access to IDOC monitoring

IDoc functions:

    S_IDOCCTRL    WFEDI: General access to IDOC functions

    S_IDOCDEFT    WFEDI: Access to IDOC development

Communication:

    S_IDOCPORT    WFEDI: Access to port profiles (IDoc)

    S_IDOCPART    WFEDI: Access to partner profiles (IDoc)

Profile S_TRANSPRT

In the Basis - Development environment object class

Customizing data:

    S_TRANSPRT    Workbench Organizer and transport system.