Authorisations for RFC User

Hello,
Does anyone have an exhaustive list of the authorisations that should be granted to RFC users in GTS and for those in the Feeder Systems?
Thx,
Marc

Hi Marc
I haven't reached this stage yet, as you know.. from the question you have answered for me.
But I believe it is authorization to the object s_rfcacl. Can you check if it works ?
(In a similar situation we tried to give the user access to additional RFC authorizations or SAP_ALL and then once we found the rfc working... reduced the authorizations given to that user)
Is there any specific error that you get when you run the RFC authorization test ?

Similar Messages

  • Password for RFC USer

    Hi experts,
    We need to set the password for RFC User in small letters.But we are not able to do it ,because of our 'login/*' parameter values.
    Is there is any other method to create the password for User ID with small letters(Ex:welcome,hello)?
    Thanks in Advance,
    Karthika

    > > Login rules are not specific to user types. It is same for all type of users.
    > Sorry, this is not correct. The password validity rules are a good example which don't apply to SYSTEM and SERVICE type users. Other examples are the idle time rules and compliance to policy rules and the logon ticket rules and remote login via debugging rules and...
    >
    I tried to talk about is as per the ongoing discussion topic i.e. Case sensitiveness of Passwords and not other attributes. So from this point of view there is no such separate rule applies during admin imposed password or during a change (the cases where system prompts for changing password).
    > > From NAS 7 there is a change in the password rules.
    > There were major changes in 46B, and 6.10 and 6.40 as well, and Karthika still has not told us which release she is on.
    >
    Agreed totally.
    > > [Note 750390 - USR02: various problems with password attributes|https://service.sap.com/sap/support/notes/750390]
    > > [Note 624635 - Error messages with password change using RFC function|https://service.sap.com/sap/support/notes/624635]
    > I cannot see how these notes are related to this silly requirement of setting a lower-case only password.
    >
    I didn't went through in details fully but seen it contains a considerable error details.... may be of any help to OP.
    > I think either Karthika is playing a joke on us, or the person interviewing Karthika is playing a joke on her... These would be the only logical explanations left which I can see for for such a requirement.
    >
    May be.. but of course need more information and purpose of such strictness for setting such password. Also the FM PASSWORD_FORMAL_CHECK can be used with required customizations but you are the best person to tell this properly.
    regards,
    Dipanjan

  • Not able to use password with characters for RFC User.

    hi All,
    I have installed SAP SCM 5.0 with MaxDB 7.6and liveCache 7.6.
    I created RFC user and RFC destination to administer liveCache globally as per SAP notes 305634 and 452745. I changed the initial passwords and tested Remote login for RFC User.
    But when I try to start liveCache with startrfc following the link below
    http://help.sap.com/erp2005_ehp_04/helpdata/EN/95/379f3cad1e3251e10000000a114084/frameset.htm
    I got the following error
    RFC Call/Exception: SYSTEM_FAILURE
    Group       Error group 104
    Key         RFC_ERROR_SYSTEM_FAILURE
    Message     Name or password is incorrect (repeat logon)
    Then I logged into the CI with RFC user and try to start the liveCache with RSLVCSTART T-Code SE38..I got the following error.
    Error DBMCLI_COMMAND_EXECUTE_ERROR when starting liveCache LCS on server saplcslc
    Message no. LVC007
    I tried by changing the password for RFC user to numeric [0-9] and special characters [$,:] which worked fine.
    Does anyone faced this issue earlier? I searched notes, sdn and finally google ... but no luck to resolve the issue.
    Your help is much appreciated.
    Thanks,
    Venkat

    Yes I used LCA as liveCache connection. I resolved the issue with RSLVCSTART. Thanks for your suggestion to run connection test. I used wrong password for control user in the LCA connection. Now LCA connection shows everything is fine.
    But I am still not able to use alphanumeric password RFC user to start the liveCache from command line. I get the following when run startrfc command...
    bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p Mach1cspsap\$ -l EN -F START_LIVECACHE_LVC -E IV_CON_NAME=LCA
    RFC Call/Exception: SYSTEM_FAILURE
    Group       Error group 104
    Key         RFC_ERROR_SYSTEM_FAILURE
    Message     Name or password is incorrect (repeat logon)
    bash-3.00$ echo $?
    1
    But I can start the liveCache from command line with numeric password successfully.
    bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p 19811983\$ -l EN -F STOP_LIVECACHE_LVC -E IV_CON_NAME=LCA
    bash-3.00$ echo $?
    0
    Note the difference between the passwords used. Do i need to change any settings to accept alphanumeric passwords for RFC user.
    Note that I am able to start liveCache server in both cases(alphanumeric password and numeric password) by logging into SAP GUI and RSLVCSTART program. The problem is only when i try to start the liveCache from the commandline.
    Any help will be much appreciated.
    Thanks,
    Venkat

  • Authorization Required for RFC user  in R/3-APO system.

    Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user  id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and  provide the required the authorization in R/3 and APO system.
    Regard
    Auroshikha

    The RFC authorisation depends completely on what the user is doing (ALEREMOTE?).  We can't tell you what RFC auths your connection requires. 
    There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections

  • Authorisations for a user in SM59

    Hi,
    I am in the process of configuring a SM59 ABAP connection  between two systems say A and B
    I have created user id in the System A and B
    I wanted to know teh roles and authorisations, to be present for a user to be used in SM59 ABAP Connection
    I dont want to give SAP_ALL(System User)
    I wanted this RFC connection to be used for CUA Configuraiton
    Please help

    while defining RFC you should use user of type System which can't be used for Dialog (Interactive) Login and hence there is no harm in providing SAP_ALL & SAP_NEW.
    If you want to define your own role still, then I would say there are few specific Objects need to be present as default... but the other are dependent on the type of connection and activities that RFC is going to perform. As a default, S_RFC, S_RFCACL, S_TABU_DIS (optional) are required.
    If you check the following notes, you will be understand the requirement of idealizing the Task in which the RFC is going to be involved.
    [ Note 338537 - RFC user authoriz. for data exchange R/3 back end <-> CRM|https://service.sap.com/sap/support/notes/338537]
    Similarly if it is going to use for IDoc processing:  [Note 325361 - IDoc processing authorizations|https://service.sap.com/sap/support/notes/325361]
    [Note 412309 - Authorization profile RFC user for IPC|https://service.sap.com/sap/support/notes/412309]
    Regards,
    Dipanjan

  • Access to some UDFs authorised for certain user

    Dear All,
    This issue made me confusing, it is about UDF access authorisation. Is it possible to authorise a certain user to open or view UDF ?For example : I have 5 UDFs that only can be used by sales dept user and 5 UDF's are for purchasing dept. How to authorized the UDFs according to its dept ? Thanks in advance.
    Rgds,

    Hi All,
    I managed to resolve this problem by using additional authorisation creator that using form ID 38 and then in the general authorisation --> user authorisation is set to no. if it is authorised per user name, the user will not able to open UDF settings (CtrlShiftB) except there is the same level with him/her that can open the document, I think the settings can be opened. I almost escalated this problem to SAP support.
    Tks for your all participations. More power to you...
    Rgds,

  • Authorizations needed for MAM 2.5 for RFC user and business users

    Hello all,
    We are using MAM 2.5 application but we are facing authorizations issues.
    It seems we have not enough authorizations on RFC user used between middleware system and back-end system located on the RFC destination MAM on the middleware.
    And we don't find any SAP document related to this customizing.
    Moreover is there any other or same document deals with authorizations needed on the back-end for each user using MAM on its mobile device ?
    Thank in advance,
    Eric GOURDOU

    Hello,
    Can you send me the errors you have?
    If you have a trusted connection, then each users need the authorization S_RFCACL .
    Other than that, I never had to set any authorization for the plant maintenance scenarios of MAM.
    Thank you,
    Julien.
    msc mobile Canada
    http://www.msc-mobile.com

  • Status Profile: Configuration required for authorisation based on user

    hi friends
    from the sale order , i configured the status profile for authorisation for release the item level .
    so what i do for cofiguration to give authorisation particular user(manager) and also not required for user(end user)
    with regards
    dinesh
    Edited by: code acess on Feb 28, 2011 6:22 AM

    hi ram
                     thanks, how i give authorisation for particular user.. i need configuration setting for authorisation. i dont know what i tell to Basis for authorisation.
    Consultant
    with regards
    dinesh

  • Password inconsistancy issue with RFC users in ECC 6.0 System after upgrade

    Hi,
    We have upgraded the system from 4.7 to ECC 6.0, but facing the password inconsistancy problem for RFC users. We have set the parameters like "login/min_password_lng" as "8" and "login/password_downwards_compatibility" as "3" & RFC user Type is "system". Could you please suggest how to resolve the password inconsistancy issue.

    Hi Chandan,
    you need to run the txn. SECSTORE and there it will shows you all the RFCs that have inconsistent passwords. Please maintain the correct passwords there.
    In case the existing passwords are no longer acceptable due to new security policies as per the new SAP version, you will have to change the password from SU01.
    Regards,
    Shitij

  • MM01 tcode for SD user with restriction to SD related codes only

    Dear Experts
    How can we assign MM01 Authorisation for SD user with a restriction that he can access only <b><u>SD RELATED MATERIAL ONLY</u></b> ?,     Why because the material master is same for   <u>MM Module</u>   and   <u>SD Module Product Master</u> also.
    There is no listing for Material Group parameter in the Material Object
    Material Type Object : M_MATE_MAR
    Material         Object : M_MATE_MAT
    Thanks in advance
    Please advise me.
    Regards
    PS Prasad

    Dear Corinne Müller 
    First of all, let me say Sorry for the late reply to your post.
    I have gone through the objects you have told to that particular SD User.
    He have been already assigned those objects.    But one thing I have observer
    here is the authorisation object you have given    M_MATE_WGR
    contains 2 parameters those are
    (01) Activity                       01, 02, 03
    (02) Authorization Group
    The above said (02) parameter does not contains any data to select in its dropdown box.   I think functional people does not created material groups
    while doing configuration part.
    So, here I can not distinguish the material whether it related to SD Module OR MM Module. And can not restrict user's to access TCode MM01 basing on their module related material only. Am I right ????
    Any further suggetions ?????
    Thanks for your reply.
    I am just learner in BASIS.   Kindly be in touch with my e-mail id.
    My E-Mail id : [email protected]
    Thanks once again
    PS Prasad

  • Changing RFC user

    Dear All,
    We are using SRM classic scenario process ( SRM 5)
    Accordig to SAP Note 938411 , we have to change the RFC user to RFCUSER ,
    (  It was SAPRFC) ,
    This change caused us a problem on creating SC ( Runtime Error " GETWA_NOT_ASSIGNED" on ST22).
    We appreciate to get more information on this issue.
    Best Regards,
    Moshe
    Message was edited by:
            Moshe Stein
    Message was edited by:
            Moshe Stein
    Message was edited by:
            Moshe Stein

    Hi
    <u>Which R/3 system version are you using ?</u>
    Please ensure the following settings have made made correctly in R/3 back-end system.
    <b>Be sure only ht follwoing changes as suggested in SAP OSS Note 938411  are done.</b>
    <u>FUNCTION BAPI_GOODSMVT_CREATE</u>
    <b>Delta 001Context Block </b>
    * map head to internal structure **************************************
      CALL FUNCTION 'MAP2I_B2017_GM_HEAD_01_TO_IMKP'
           EXPORTING
                BAPI2017_GM_HEAD_01 = GOODSMVT_HEADER
           CHANGING
                IMKPF               = S_IMKPF.
    <b>Delete Block</b> 
       S_IMKPF-USNAM = SY-UNAME.
    <b>Insert Block </b>
       IF SY-UNAME = 'RFCUSER'.
         S_IMKPF-USNAM = GOODSMVT_HEADER-PR_UNAME.
       ELSE.
         S_IMKPF-USNAM = SY-UNAME.
    Don't forget to activate the Function module   <u>FUNCTION BAPI_GOODSMVT_CREATE</u> after making the changes in R/3 backend.
    Also, Please read OSS Note for RFC User details.
    Note 642202 - EBP user admin: RFC user profile in back end/plug-in
    Do let me know.
    Hope this will definitely help.
    Regards
    - Atul

  • User has no authorisation for function group SYST?

    Hi All,
    I was trying to open Bex Analyzer in BI 7.0.
    I am getting the error as mentioned below:
    "User has no authorisation for function group SYST".
    Why is it so.
    Please reply.
    Thanks in Advance.

    Unless you have full authorizations (SAP_ALL / SAP_NEW) you have to grant authorizations for each activity.
    With PFCG, add the following RFC on Authorization Object S_RFC:
    RFC1
    RS*
    SDIFRUNTIME
    SYST
    SYSU
    Hope it helps
    GFV

  • RFC Users  & Authorisations

    In the profiles of the  RFC users it was noticed  that SAP_ALL was present. In order  to remove this, :
    1.its needed to know what other authorisations need to be assigned.
    2. This is the bottle neck. How does one understand which are the activites  that are being performed.
    Thanks

    george G wrote:george G wrote:george G wrote:george G wrote:>
    > Now here we trip  on a very important question point...How does the Unkown body of users get acess to the RFC id /pwd ?
    Chances are good that they do not need the id / pwd. They only need the name of the RFC destination (for which the id / pwd is saved in SM59, already) and the ability to run "the" or "an" interface (or generate a dialog session).
    Another option is not to save the logon data in the destination, and request that the current user running the interface in the source enter their own (valid) id / pwd for the target.
    >
    > Unless its compromised personally ?
    Not necessarily necessary, but that does often add a new dimension to the risk, as the folks have a wider choice of sources from which they can "run an interface" using the id, and a wider group of folks (who talk to each other...).
    >
    > What specifics are the potential impacts the compromised id do ?
    You mentioned before that it has SAP_ALL?? Go figure what that means...
    >
    > On the sidetrack , the auditors are moved  with RFC users !!  Why would that be , to my auditor I put forth the question the answer was " they are not Dialogue users !"
    See above (SAP_ALL). The user could change itself to a dialog user... I can think of approximatly 300 thousand reasons (just off the top of my head) why your auditors are <removed_by_moderator>
    Most likely they have, much like the interface user owner you described before, been told this and have not questioned it. Or the thought never crossed their minds that the id would not be required at all if it cannot "logon"...

  • Which user type to user for RFC receiver channel

    Hi Forum,
    I m developing XI scenarios which include RFC receiver chhanel (in IB: Integration Directory), to call a function moule in a R/3,
    which kind of user should i use for this purpose, i mean to say,
    which user type:
                    SYSTEM
                    Dialog
                    Communication
                    System
                    Reference
    and what should be the roles of that user,
    which type of the user doesnt gets locked, on wrong attempts

    Hi,
    Generally S_RFC and S_SERVICE authorizations  are nedded while calling RFC module from R3. Also check for role S_RFC_ADM
    The backend should have the authorization to execute the RFC on the backend.
    You can test the module in R3 and create a role using PFCG assign the tcode - SU53 (authorization check) and also assign the S_RFC and S_SERVICE to role.
    Refer
    RFC Logon user authorizations
    Question on service userid - for RFC call
    End User Authorizations and Roles
    Calling R3 RFC via http
    For RFC different authorization object is requried. You can ask your basis team to add the relevant authorization object in a new role and then add the new role to any existing service user or better create a new system user and add the role.
    Thanks
    swarup

  • RFC User for satellite systems

    Hello Gurus,
    I just wanted to ask about one issue. We are a SAP partner and using Solution Manager in VARs scenario. There are many systems of our customers connected to our Solution Manager..
    Now I want to ask about RFC user(s). As I see, in our Solution Manager there are many users(communications type C) with Synthax SOLMAN<system id> or something like that. It means basically, that we have for every particular customerS system one SOLMAN user for RFC(cust_scout) in our Solution Manager. My question is if we can replace all of these users with only one RFC user for all the systems and customers?
    Many thanks in advance for your help
    Miloslav Pudil
    IDS Scheer
    Prague
    Czech Republic

    >
    Miloslav Pudil wrote:
    > I just wanted to ask about one issue. We are a SAP partner and using Solution Manager in VARs scenario. There are many systems of our customers connected to our Solution Manager..
    > Now I want to ask about RFC user(s). As I see, in our Solution Manager there are many users(communications type C) with Synthax SOLMAN<system id> or something like that. It means basically, that we have for every particular customerS system one SOLMAN user for RFC(cust_scout) in our Solution Manager. My question is if we can replace all of these users with only one RFC user for all the systems and customers?
    Hi Miloslav,
    Technically, it will work that you define one common RFC user in your SolMan for communication (RFC BACK destination) from all connected managed systems.
    BUT, I would never recommend it.
    Once a managed system cause issues in your SolMan, you are not able (or at least it's much more difficult) to identify the managed system. Same happens, if a invalid password in the BACK destination leads to a locked user.
    My recommendation: Spend the extra effort in creating a user per managed system. Operation will be much easier later.
    See also this guide:
    [Activating EarlyWatch Alert [EWA] in End Customeru2019s System |http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000089947&_OBJECT=011000358700000567342009E]
    Best regards,
    Ruediger

Maybe you are looking for

  • Creating a restore image on an external drive with package install options

    Hi, I'm looking to use a combination of tools maybe Deploy Studio, System Image Utility etc to create an image that isn't Netbooted but rather on an external drive (a fast Thunderbolt raid enclosure) - a restorable image which will contain OSX setup

  • How to Determine Task Key based on Task Name?

    Hi all, I'm trying to implement addProcessTaskInstance and I can't seem to dynamically obtain the task key. I want to find this based on the task name since this will be consistent through environments, but due to multiple development streams going o

  • Problem with lm_sensors.

    My system is core i7 860 / asus p7p55d  Archlinux kernel 2.6.30 I'm install lm_sensors 3.1.1 but its seem doesn't work. When I run sensors-detect, the result is Driver `max6650':   * Bus `NVIDIA i2c adapter '     Busdriver `nvidia', I2C address 0x4b

  • WDTV Live connection help needed

    Hi, I just changed ISPs yesterday to BT Total Broadband, i've managed to get everything to connect ok, but I can't stream content over to my WDTV Live, it finds it on the  Home Network > Devices ok but when I go to find files over on my WDTV Live und

  • Why is Downloading Creative Cloud desktop taking so long?

    It is an unusually large file size, or are many people experiencing this issue? It seems to have been stalled for two hours - no movement. My internet connection is fine.