Skip to main content

Celonis Product Documentation

SAP User Role CELONIS_EXTRACTION in Detail

The following describes in detail what the role contains and why the authorizations are necessary, along customisation options

Cross-application Authorization Objects

Authorization Check for RFC Access - So the Extractor can remotely access the functions in the RFC module

Object

Field

Activities/Values

S_RFC

ACTVT

16

S_RFC

RFC_NAME

/CELONIS/46C_EXTRACTION, /CELONIS/CL_EXTRACTION, /CELONIS/EXTRACTION, RFC1, SDIFRUNTIME, SDTX, SRFC, SYST, SYSU

S_RFC

RFC_TYPE

FUGR

Basis: Administration

Background Processing: Operations on Background Jobs - So the RFC module can immediately run the extractions as background jobs

Object

Field

Activities/Values

S_BTCH_JOB

JOBACTION

RELE

S_BTCH_JOB

JOBGROUP

*

Administration Functions in Change and Transport System - So the RFC module can list directory contents

No longer necessary in RFC Module versions >= 1.8.0

Object

Field

Activities/Values

S_CTS_ADMI

CTS_ADMFCT

EPS1

Authorization for file access - So the RFC module can write, read, and delete files in the physical path defined for the logical path 'Z_CELONIS_TARGET'

Object

Field

Activities/Values

S_DATASET

ACTVT

06, 33, 34

S_DATASET

FILENAME

*

S_DATASET

PROGRAM

/CELONIS/*

Note

You can replace the '*' in 'FILENAME' with the physical path you have chosen for Z_CELONIS_TARGET, e.g. /<YOUR_PATH>/*

Authorization to Execute Logical Operating System Commands - So the RFC module can compress data it extracts

Object

Field

Activities/Values

S_LOG_COM

COMMAND

Z_CELO_GZIP, Z_CELO_SAPCAR

S_LOG_COM

HOST

*

S_LOG_COM

OPSYSTEM

*

Note

Unnecessary if using 'Uncompressed' or 'Native SAP Compression' in the EMS Data Connection

Table Maintenance (via standard tools such as SM30) - So the RFC module can extract data from tables

Object

Field

Activities/Values

S_TABU_DIS

ACTVT

03

S_TABU_DIS

DICBERCLS

*

Note

You can replace the '*' in 'DICBERCLS' with the authorisation group of tables you will be extracting.

Alternatively, If you need to control access to individual tables instead to groups of tables, you can use authorisation object S_TABU_NAM.

Important: When using the Real-Time Extractor, the Changelog tables (ZCL...) should also be whitelisted.