Using transaction PFCG (Profile Generator)

Perform the following steps:
  1. Write a name, for example ZTWS, in Role Name.
  2. Click Create Role and write a description for the role, such as "Role for the TWS user."
  3. Save the role.
  4. Select Authorizations.
  5. Click Change Authorization Data.
  6. In the pop-up, select Templates.
  7. Manually add the following authorization objects:
    Object Description
    S_ADMI_FCD System authorizations
    S_APPL_LOGApplication logs
    S_BTCH_ADM Background processing: Background administrator
    S_BTCH_JOB Background processing: Operations on background jobs
    S_BTCH_NAM Background processing: Background user name
    S_PROGRAMABAP: Program run checks
    S_DEVELOPABAP Workbench: full authorization to modify objects of type PROG
    S_LOG_COM Authorization to run external commands
    S_RFC Authorization check for RFC access
    S_RZL_ADM CCMS: System Administration
    S_SPO_ACT Spool: Actions
    S_SPO_DEV Spool: Device authorizations
    S_XMI_LOG Internal access authorizations for XMI log
    S_XMI_PROD Authorization for external management interfaces (XMI)
  8. Fill in the values according to the following scheme:
    ObjectDescription
    S_ADMI_FCD System authorizations
    • System administration function: Full authorization
    S_APPL_LOG Activity: Display
    • Application log Object name: Full authorization
    • Application log subobject: Full authorization
    S_BTCH_ADM Background processing: Background administrator
    • Background administrator ID: Full authorization
    S_BTCH_JOBBackground processing: Operations on background jobs
    • Job operations: Full authorization
    • Summary of jobs for a group: Full authorization
    S_BTCH_NAMBackground processing: Background user name
    • Background user name for authorization check: Full authorization
    S_PROGRAM ABAP: Program run checks
    • User action ABAP/4 program: Full authorization
    • Authorization group ABAP/4 program: Full authorization
    S_RFCAuthorization check for RFC access
    • Activity: Full authorization
    • Name of RFC to be protected: Full authorization
    • Type of RFC object to be protected: Full authorization
    S_RZL_ADMActivity: Full authorization
    S_SPO_ACTSpool: Actions
    • Authorization field for spool actions: Full authorization
    • Value for authorization check: Full authorization
    S_SPO_DEVSpool: Device authorizations
    • Spool - Long device names: Full authorization
    S_XMI_LOGInternal access authorizations for XMI log
    • Access method for XMI log: Full authorization
    S_XMI_PRODAuthorization for external management interfaces (XMI)
    • XMI logging - Company name: ABC*
    • XMI logging - Program name: MAESTRO*
    • Interface ID: Full authorization
  9. Save the authorizations.
  10. Generate a profile. Use the same name that you wrote in Role Name.
  11. Exit the authorization management panel and select User.
  12. Add the IBM Workload Scheduler user to the role.
  13. Save the role.