...
Auth. field: Transaction Code TCD: /DVD/SM_SETUP
Database storage
All the database storage requires is the setup of Common authorization objects, and also the specific authorizations (unless stated otherwise).
Common authorization objects for database storages
Authorization object S_RFC_ADM (Not needed in Open SQL storages: MSSQL, DB2, SIQ, ORACLE)
...
Auth. field: Activity ACTVT: 61
MS Azure Synapse
Storage type: AZURE_SDSP
Authorization object /DVD/RL
Auth. field: Activity ACTVT: 16 (16 - Execute)
Snowflake
Storage type: SNOWFLAKE
Authorization object /DVD/RL
Auth. field: Activity ACTVT: 16 (16 - Execute)
Google Big Query
Storage type: BIGQUERY
Authorization object S_DATASET
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
Amazon Redshift
Storage type: REDSHIFT
Authorization object S_DATASET
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
Hive/Impala
Storage type: SM_TRS_MS
Authorization object S_RFC_ADM
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
MSSQL, Oracle, HANA DB
Storage type: SM_TRS_MSSQL, SM_TRS_ORA, SM_TRS_HDB
...
Auth field: Activity ACTVT: 40, 42 (40 - Create in DB, 42 - Convert to DB)
Auth field: Package DEVCLASS: -
Auth field: Object name OBJNAME: Z*, Y* (Needed starting letter of Views according to customer’s naming conventions)
Auth field: Object Type OBJTYPE: VIEW
Auth field: Authorization group ABAP/4 program P_GROUP: -
SIQ
Storage type: SM_TRS_SIQ
Authorization object S_CTS_SADM
...
Auth. field: Administration Tasks for Change and Transport System CTS_ADMFCT: TABL
DB2
Storage type: SM_TRS_DB2
No additional authorizations are required.
File storage
All the file storage requires is the setup of Common authorization objects for file storage and the storage-specific authorizations.
Common authorization objects for file storage
Authorization object S_RFC_ADM (Not needed in Open SQL storages: MSSQL, DB2, SIQ, ORACLE)
...
Auth field: Activity ACTVT: 61
MS Azure ADLS Gen 2 + Azure Blob
Storage type: ADLS_GEN2, AZURE_BLOB
No additional authorizations are required.
AWS S3
Storage type: AWS_S3
Authorization object S_DATASET
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
Google cloud storage
Storage type: GCS
Authorization object S_DATASET
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
HDFS (Hadoop Distributed File Storage)
Storage type: HADOOP
Authorization object S_RFC_ADM
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
Application server storage (File storage)
Storage type: BINFILE
Authorization object S_LOG_COM
...
Auth. field: Activity ACTVT: 06, 33, 34 (This depends on DB operations: 06 - Delete, 33 - Read, 34 - Write, A6 - Read with filter, A7 - Write with filter)
Auth. field: Physical file name FILENAME: /tmp/*
Auth. field: Program Name with Search Help PROGRAM: /DVD/SM_CL_FILE_STORAGE=======CP, /DVD/SM_CL_FILE_CONTAINER=====CP
Blob storage (primary database)
Storage type: BLOB
Authorization object S_DEVELOP
Auth field: Activity ACTVT: 40 (40 - Create in DB)
Auth field: Package DEVCLASS: -
Auth field: Object name OBJNAME: Z*, Y* (Needed starting letter of tables according to customer’s naming conventions)
Auth field: Object Type OBJTYPE: TABL
Auth field: Authorization group ABAP/4 program P_GROUP: -
Snowflake internal stage
Storage type: BLOB
Authorization object /DVD/RL
Auth. field: Activity ACTVT: 16 (16 - Execute)
Transparent-binary storage
Transparent binary storage provides an additional logic to accomplish classic transparent RDB-like functionality for file storage.
...
The storage requires the authorizations from the common section, and individual file storage authorizations described in separate sections.
Storage type: SM_TRS_BIN
Common authorization objects for transparent-binary storage
Authorization object S_RFC_ADM (Not needed in Open SQL storages: MSSQL, DB2, SIQ, ORACLE)
...
Auth field: Activity ACTVT: 61
Transparent-binary on Azure ADLS Gen 2, Azure Blob
No additional authorizations are required.
Transparent-binary on AWS S3
Authorization object S_DATASET
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
Transparent-binary on Google cloud storage
Authorization object S_DATASET
...
Auth. field: Activity ACTVT: 16 (16 - Execute)
Transparent-binary on Hadoop HDFS
Authorization object S_RFC_ADM
Auth. field: Activity ACTVT: 03 (03 - display)
Auth. field: Internet Communication Framework Values ICF_VALUE: -
Auth. field: Logical Destination (Specified in Function Call) RFCDEST: HADOOP_SKBTSCCK21_HTTPFS (HTTP RFC destination, this will be a value in /DVD/SM_SETUP → Hive configuration → Hadoop tab )
Auth. field: Type of Entry in RFCDES RFCTYPE: -
Transparent-binary on Application server storage (File storage)
Authorization object S_LOG_COM
...
Auth. field: Activity ACTVT: 06, 33, 34 (This depends on DB operations: 06 - Delete, 33 - Read, 34 - Write, A6 - Read with filter, A7 - Write with filter)
Auth. field: Physical file name FILENAME: /tmp/*
Auth. field: Program Name with Search Help PROGRAM: /DVD/SM_CL_FILE_STORAGE=======CP, /DVD/SM_CL_FILE_CONTAINER=====CP
Transparent-binary on Blob storage (primary database)
No additional authorizations are required.
...