Required Permissions
The following table lists the required permissions for the specific operations mentioned in this section:
Operation |
Required Permissions |
---|---|
Test Connection |
|
Account Aggregation |
|
Delta Aggregation |
Test Connection, Account Aggregation, and Delta Aggregation |
Provisioning Rule |
Test Connection, Account Aggregation, and Provisioning Rule Permissions |
The role assigned to the SAP Administrative user must have the authorization objects as mentioned in the following tables.
Permissions by Operation

Authorization Objects |
Field Name |
Field Description |
Field Value |
---|---|---|---|
S_RFC |
ACTVT |
Activity |
16-Execute |
RFC_NAME |
Name of RFC object |
RFCPING |
|
RFC_TYPE |
Type of RFC object |
FUGR, FUNC |

Authorization Objects |
Field name |
Field description |
Field value |
S_RFC |
Activity: 16 RFC_NAME |
Name of RFC object |
0PBAPI0105, BAPI_ADDRESSEMPGETDETAILEDLIST, BAPI_EMPLCOMM_GETDETAILEDLIST, BAPI_EMPLOYEE_GETDATA, BAPI_EMPLOYEE_GETLIST, BAPI_PERSDATA_GETLIST, MSS_GET_SY_DATE_TIME, BAPI_PERSDATA_GETDETAIL, RFC_READ_TABLE, SMSSDATA1, PERS,PADR,RFC_GET_FUNCTION_INTERFACE, DDIF_FIELDINFO_GET, BAPI_COMPANYCODE_GETDETAIL, 0002, RFC_METADATA_GET Note
|
S_TABU_DIS |
ACTVT |
Activity |
03 Display |
DICBERCLS |
DICBERCLS |
FC01 |
|
S_TABU_NAM |
ACTVT |
Activity |
03 Display |
TABLE Name |
TABLE |
HRP1001, HRP1000, PA0000, PA0001, PA0002 T530T, T529T - Only add these table names if you want to populate the following account schema attributes:
PA0006, PA0105 - Add these tables if the Delta Aggregation Enabled checkbox is selected. |
|
P_Orgin |
AUTHC |
Authorization Level |
R |
INFTY |
INFOTYPE |
0001, 0002, 0003, 0006, 0032, 0105 |
|
PERSA |
Personal area |
(Depending on the organizational area you have assigned to user while creating) |
|
PERSG |
Employee group |
(Depending on the organizational area you have assigned to user while creating) |
|
SUBTYPE |
SUBTY |
For example:
|
|
PERSK |
Employee subgroup |
(Depending on the organizational area you have assigned to user while creating) |
|
VDSK1 |
Organization Key |
(Depending on the organizational area you have assigned to user while creating) |

The administrator permissions mentioned in the following table are only applicable to the provisioning operations specified in the Example SAP HRMS Modify Rule (email, phone number, and system user name) rule.
Authorization Objects |
Field name |
Field description |
Field value |
S_RFC |
RFC_NAME |
Name of RFC object |
RFC1, 1065, BAPI_EMPLOYEE_ENQUEU, SYSU, SYSTEM_RESET_RFC_SERVER, SDIFRUNTIME, BAPI_EMPLCOMM_CHANGE, BAPI_EMPLCOMM_CREATE |
P_Orgin |
AUTHC |
Authorization Level |
E, S, W |