(Glue-2311) Custom SNP Glue™ Authorizations

Owned by SNP
Nov 24, 2023
3 min read

SNP Glue™ uses the following authorization objects:

  • /DVD/GLUE1: Access to SAP tables.
  • /DVD/GLUE2: Glue object access (currently implemented only for extractors and TMS).
  • /DVD/GLUES: Access to Storage tables.
  • S_TABU_DIS: Standard SAP authorization object for data access.
  • S_TABU_NAM: Standard SAP authorization object for table access.
  • S_RS_ODSO: Standard SAP authorization object for DSO access.
  • S_RS_ICUBE: Standard SAP authorization object for InfoCube access.

SNP Glue™ actions

Actions available in SNP Glue™ authorization objects are:

    • CRE_GLUE11 > Create a table in Glue11.
    • DIS_GLUE11 > Display a table in Glue11.
    • DIS_GLUE16 > Display storage table data in Glue16.
    • MAN_GLUE14 > Manage table in Glue14.
    • DIS_EXT > Display extractor.
    • MAN_EXT > Create and manage extractor.
    • RUN_EXT > Run extraction.
    • MAN_BPL > Create, manage, and execute business objects (not supported yet).
    • CRE_TMS > Create Glue transport.
    • IMP_TMS > Import Glue transport.
    • MAN_QUE > Manage Glue Queues.
    • DIS_QUE > Display Glue Queues.
    • DIS_IP > Display Infoprovider.
    • MAN_IP > Manage Infoprovider.
    • ALL_CLIENT > Read all clients.
    • MAN_SETT > Manage glue settings.
    • GL_BACKUP > Glue Table Backup.

Object /DVD/GLUE1

Fields:

  • TABNAME: SAP table name.
  • GLUEACTION: Glue action.
  • DLVUNIT: Software component.

Usage:

  • Importing fields from SAP table into Glue Data Dictionary.
  • Display, create, change, or manage an extractor with an SAP table.
  • Extraction from or into an SAP table.

You can also use this authorization object to restrict access to DSO or InfoCube data by limiting access to their Active data table and Fact table.

The check for this authorization object /DVD/GLUE1 is used in case the setting Enable authentication for auth. object GLUE (AUTH_OBJ_GLUE) in Glue expert settings is enabled.

Object /DVD/GLUE2

This object currently supports only extractor and TMS actions.

Fields:

  • GL_OBJ_NM: Glue object name.
  • GL_OBJ_TP: Glue object type.
  • DEVCLASS: SAP development class (nowadays known as a package).
  • GLUEACTION: Glue action.

Usage:

  • Manage Extractor (Create, Change, Manage).
  • Display Extractor.
  • Create a Variant (authorized with an extractor name and a type extractor).
  • Run Variant (authorized with an extractor name and a type extractor).
  • Create Glue transport.
  • Import Glue transport.
  • Display Glue Queue.
  • Manage Glue Queue.
  • Enable Read all clients functionality for SAP table fetcher.

The check for this authorization object /DVD/GLUE2 is used in case the setting Enable authentication for auth. object GL_OBJ (AUTH_OBJ_GL_OBJ) in Glue expert settings is enabled.

Object /DVD/GLUES

Fields:

  • STORAGEID: Storage ID.

  • TABNAME: Storage table name.

    We recommend following a strict naming convention for tables on external storage so that tables are grouped based on their data, functional area, or source system. In addition, please ensure that tables on external storage do not have the same table name as on the SAP system. This is important for avoiding any misunderstandings or mix-ups.

  • DEVCLASS: SAP development class (nowadays known as a package).
  • GLUEACTION: Glue action.

Usage:

  • Display a Glue table.
  • Create a Glue table.
  • Change a Glue table.
  • Manage a table in /DVD/GL14.
  • Display data in /DVD/GL16.
  • Display, create, change, or manage an extractor with a Glue table.
  • Extraction from or into a Glue table.

The check for this authorization object /DVD/GLUES is used in case the setting Enable authentication for auth. object STOR (AUTH_OBJ_STOR) in Glue expert settings is enabled.

Object S_TABU_DIS

We also implemented the standard SAP authorization object S_TABU_DIS for data access. It can be used together with /DVD/GLUE1 or as its replacement.

Fields:

  • DICBERCLS: Table Authorization Group.
  • ACTVT: Activity.

Usage:

  • Import fields from the SAP table.
  • Create, change, or manage an extractor with an SAP table.
  • Extraction from or into an SAP table.

Object  S_TABU_NAM

Standard SAP authorization object for table access. When the check on object S_TABU_DIS fails, then authorization against S_TABU_NAM is performed.

Fields:

  • ACTVT: Activity.
  • TABLE: Table name.

Usage:

  • Same as S_TABU_DIS.

Object S_RS_ODSO

The standard SAP authorization object S_RS_ODSO can be used to restrict access to DSO data (also you can perform this by restricting access to its Active data table using the object /DVD/GLUE1).

Fields:

  • ACTVT: Activity.
  • RSINFOAREA: InfoArea.
  • RSODSOBJ: DataStore object.
  • RSODSPART: Subobject for ODS object.

Usage:

  • Manage extractor of type Standard DSO to Storage.
  • Extraction from DataStore object into a Glue table.

Object S_RS_ICUBE

The standard SAP authorization object S_RS_ICUBE can be used to restrict access to InfoCube data (also you can perform this by restricting access to its Fact table using the object /DVD/GLUE1).

Fields:

  • ACTVT: Activity.
  • RSINFOAREA: InfoArea.
  • RSINFOCUBE: InfoCube.
  • RSICUBEOBJ: InfoCube Subobject.

Usage:

  • Manage extractor of the type InfoCube to Storage.
  • Extraction from InfoCube into a Glue table.