Skip to main content

Set Up a New SAP User for the Integration

This article explains how to set up a new user in SAP, and configure the permissions required to run the integration with MaintainX. You'll configure the SAP user specifically to work with the middleware software, Workato. Setting up the SAP user allows the MaintainX and SAP systems to communicate with each other.

Create a New User in SAP​

The section explains how to set up a new user in SAP. We recommend you use Communication user type. SAP reserves that user type for RFC communication. Communication users cannot access the SAP user interface.

To create a new user in SAP:

  1. From the SAP home screen, enter transaction code:

    SU01

    The User Maintenance screen opens.

  2. In the User field, enter the name WORKATO_INT for the new user.

  3. From the application toolbar, select Create The Create icon in SAP ECC6 (or Edit > Create from the menu).

    The Maintain Users screen opens.

  4. Select the Address tab, and navigate to the Person section.

  5. In the Last Name field enter WORKATO_INT.

  6. Select the Logon Data tab.

  7. Set User Type to C Communications Data.

  8. In the Password section, enter a password in the New Password and Repeat Password fields.

    Keep your password handy

    You will need your password later in the setup process to configure the Workato On-premise Agent (OPA).

  9. From the toolbar, select Save The Save icon in SAP ECC6 (or User > Save from the menu) to save the new user.

Create a MaintainX/SAP Integration Role​

Create and assign a new role to the new integration user. This role grants access to specific objects and entities in your SAP system. This section explains how to configure the minimum permissions required to connect to SAP from Workato.

To create and assign a new user role in SAP:

  1. From the SAP home screen, enter transaction code:

    PFCG

    The Role Maintenance screen opens.

  2. In the Role field, enter the role name, Z_AUTH_ROLE_WORKATO, then select Single Role.

    The Create Roles screen opens.

  3. Navigate to the Role options.

  4. In the Description field, enter Authorization role for MaintainX/SAP Integration.

  5. Navigate to the Authorizations tab.

    SAP prompts you to save the role before you can continue. Select Yes.

  6. Navigate to the Information About Authorization Profile section.

  7. Select the Propose Profile Names The Propose Profile Names icon in SAP ECC6 icon next to the Profile Name field.

    SAP fills in the Profile Name and Profile Text fields automatically.

  8. Navigate to the Edit Authorization Data and Generate Profiles section.

  9. Select the Change Authorization Data The Change icon in SAP ECC6 icon.

    When prompted to save the role, click Yes.

    The Change Role: Authorizations screen opens.

  10. If you're prompted to choose a template, select Do not select templates.

  11. If an information window appears, select the The Continue icon in SAP ECC6 Continue icon to dismiss it.

Assign Permissions for the MaintainX/SAP Integration Role​

This section explains how to assign the permissions your new SAP user needs to run the integration. Workato uses these permissions to authenticate in your SAP system, so it can read and write information.

To assign permission to the user role:

  1. In the application toolbar, select Manually.

    The Manual selection of authorizations dialog opens.

  2. In the Authorization Object fields, add the following objects. Add one object per field.

    ObjectPurpose
    S_RFCAuthorizes Workato to call certain function group modules.
    S_TABU_DISDetermines which group of tables using authorization groups users can access.
    S_TABU_NAMDetermines which tables users can access. This authorization object permits users to access a specific table within an authorization group that they otherwise can't access.
    S_IDOCDEFTAuthorizes the user for specific IDoc Types.

    When you're finished, the dialog should look like this:

    Manual role authorization selection in SAP ECC6
    Manual role authorization selection in SAP ECC6

  3. Select the The Continue icon in SAP ECC6 Continue icon to return to the Change Role: Authorizations screen.

  4. Expand all the new authorizations. Your role should now look like this:

    A list of role authorizations in SAP ECC6
    Role authorizations look like this before you configure them

Configure the New Authorizations​

After you add the required authorizations to your user role, configure them to specify exactly which permissions your SAP user will have.

To configure the authorizations:

  1. Fill in the authorization field values (white space) for each of the following objects as follows:

    FieldValues
    ActivitySelect the following:
    • 16
    Name (Whitelist) of RFC object
    • Full Authorization
    Type of RFC objectFUGR

    The final authorization should look like this:

    A list of configured role authorization in SAP ECC6
    Role authorizations look like this after you configure them

  2. From the toolbar, select Save The Save icon in SAP ECC6 (or Authorizations > Save from the menu) to save the authorizations.

  3. From the application toolbar, select Generate The Generate icon in SAP ECC6 (or Authorizations > Generate from the menu) to generate the authorizations.

To complete the user setup, you have to link the new integration user you created in Create a new User in SAP (WORKATO_INT) to the new role you created in Create a MaintainX/SAP Integration Role (Z_AUTH_ROLE_WORKATO).

  1. Enter transaction code:

    SU01

    The User Maintenance: Initial Screen opens.

  2. In the User field, enter the integration user name: WORKATO_INT.

  3. In the application toolbar, select the Change The Change icon in SAP ECC6 icon (or ).

    The Maintain Users screen opens.

  4. Select the Roles tab.

  5. In the Role Assignment table, enter Z_AUTH_ROLE_WORKATO role you just created in step Create a MaintainX/SAP Integration Role.

  6. From the toolbar, select Save The Save icon in SAP ECC6 (or User > Save from the menu).