What are the required SAP authorizations to run the extractor?

The SAP data extractor uses function module RFC_READ_TABLE or BBP_RFC_READ_TABLE to retrieve data from the system. This is a standard module to read data and will not make any changes to your system. In order to perform the download the following authorizations need to be configured:

S_RFC: RFC_TYPE=FUGR, RFC_NAME=SYST, ACTVT=16
S_RFC: RFC_TYPE=FUGR, RFC_NAME=RFC1, ACTVT=16
S_RFC: RFC_TYPE=FUGR, RFC_NAME=SDTX, ACTVT=16
S_RFC: RFC_TYPE=FUGR, RFC_NAME=SBDC, ACTVT=16
S_RFC: RFC_TYPE=FUGR, RFC_NAME=SDIFRUNTIME, ACTVT=16

S_TABU_DIS: ACTVT=03 (display), DICBERCLS=&NC&
S_TABU_DIS: ACTVT=03 (display), DICBERCLS=*

SAP table authorization groups can be restricted by removing the star value authorization and replace it by named authorization groups. Note that the extractor requires access to table DD03L to read the technical characteristics of the downloaded tables.

S_TABU_CLI: CLIDMAINT=X

S_TCODE: TCD=SE16; (Data Browser)
S_TCODE: TCD=SE16N; (General Table Display)