Specifying the Execution of External Programs from Job Steps

When you want to run an external program as a job step that is executed in a background process, the following steps are executed:

...

       1.      A request for the execution is sent from the background process via the dispatcher to the local instance gateway.

       2.      The gateway calls the program sapxpg with the requested external program as an argument.
Depending on the location specified in the job step, the gateway starts
sapxpg locally (using fork/exec) or remotely (using remote shell/remote execute mechanisms, offered by the operating system).

       3.      The program sapxpg starts the execution of the external program.

       4.      The external program is executed.

       5.      When the external program finishes control is given back to the program sapxpg.

       6.      The program sapxpg gives the control back to the gateway.

       7.      The gateway returns the results of the execution via the dispatcher to the batch work process.

Since external commands called from background jobs have to pass through the gateway, the secinfo file can be used to disallow their execution. However, if you have specified a secinfo file and you want to allow the execution of external programs, you have to make an entry for the program sapxpg in the secinfo file. (See also Authorizations in the RFC/ICF Security Guide.)

For the execution of external commands within background processing jobs, the user needs to have the appropriate authorization for the object S_LOG_COM.