Authorizations

Documentation

Authorizations and security are covered more fully in the eCATT Security Guide, which can be found in SAPNet.

Access to the eCATT Test System

Access to the eCATT test system should be strictly controlled.

If trusted RFC is not used, there may be RFC destinations in the eCATT test system in which the user and password are fully specified.

Authorizations Required at Design Time

You can assign the role SAP_ECAT (eCATT Editor) to your test developers to authorize them for design time.

In more detail, you need:

·        Developer rights (S_DEVELOP with relevant activities for object types ECAT, ECSC, ECSD, ECTC and ECTD) in the eCATT test system.

·        RFC rights (S_RFC) in the eCATT test system.

·        The relevant authorizations in the target systems.

·        If applicable, rights for maintaining documentation with SE61 (S_DOKU_AUT) in the eCATT test system.

·        Rights for GUI activities for uploading and downloading (S_GUI) in the eCATT test system.

Authorizations Required at Runtime

You can assign the role SAP_ECST (eCATT Starter) to your testers to authorize them for runtime.

In more detail, you need:

·        A profile containing S_DEVELOP authorization with activity 16 (Execute) and 03 (Display) in the eCATT test system.

·        RFC rights (S_RFC) in the eCATT test system.

·        A profile containing S_DEVELOP authorization with activity 16 (Execute) in the target systems.

·        The relevant authorizations in the target systems.

·        If applicable, rights for archiving eCATT Logs in an archive (S_ARCHIVE) in the eCATT test system.

Security and the SAPGUI Command

The following are some of the security features:

·        The administrator can switch GUI Scripting on or off for a particular application server.

·        In addition to the server settings, GUI Scripting requires certain components to be installed on the front end. If GUI Scripting is enabled, the user can enable or disable scripting at the front end. Here, you have the option to be notified whenever a script attaches to the SAP GUI or a script opens a connection. eCATT itself never opens a new connection.

·        eCATT GUI Scripting does not use Windows Scripting Host.

·        The SAPGUI command never records logon screens.

Target Systems

When you record GUI actions in a target system, the security settings of the target system apply. When you replay a SAPGUI command, the security settings of the eCATT system apply.