Changing RFC user

Similar Messages

• Problem in RFC as JCO changed from user/password to  SSO

  Hi all
  Initially i was using CO with user/password properties but now it has been changed to SO.
  In my webdynpro project there are 3 RFC Models being used.
  Out of which 2 are working fine and giving the desired results but 1 RFC works fine on the R/3 side but from the webdynpro side it does not work just displays bapireturn - "Not successful".
  As the properties of the JCO changes to USer/password , the RFC works fine giving the desired results
  Plz let me know wht cld be the problem
  Thanks and Regards

  Vindhya,
  With SSO, the details of the user who's logged in goto R/3 and thus determines if the user has authorizations to run this RFC. This user could be different from the user you were using previously without SSO.
  Meaning, this time, with SSO, the user is you whereas the user for user/pwd is someone else and you dont have authorizations to run the RFC??
  And another thing, even if you can successfully run that RFC logging into R/3, your userid may not have RFC authorizations (which is required to do a RFC call). IF thats the case, you need to talk to your security/basis guys.
  Lemme know if that could be the case in your situation.
  Rajit
  Message was edited by:
          Rajit Srinivas

• RFC Adapter Receiver - change SAP User for each call

  Hi guys,
  I need to create one connection between PI and SAP, all right, i can use RFC Adapter Receiver, no problem.
  But, for each call i need to use User and Password different, then, I would pass SAP User and Password in my XML Payload.
  Can anybody help me, please?

  hi,
  >>But, for each call i need to use User and Password different, then, I would pass SAP User and Password in my XML Payload.
  sure we can help you but no in this way:)
  it is possible to change the user for RFC adapter but using
  principal propagation:
  /people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi
  this is the way you need to go and not send password in XML payload
  (this is certainly not the way and no client will approve it)
  why use a password is anyone can see it ?
  Regards,
  Michal Krawczyk

• Invalid_jobdata when submitting job with rfc user

  Hi,
  I've created a function module in the erp system to remotly trigger a report program by a bw prossess chain.
  When running in the forground it works fine, but the runtime is so long that I want it as a background job.
  So I call job_open, job_submit, job_close in the function module. When I test the function module in the erp system with my dev user it opens a new job, adds a step and release correctly. It also runs fine if I intercept it in the debugger and change sy-uname to aleremote (the standard rfc user).
  It does not work when it's acctually called rfc from the bw system. The job is opened, but job_submit throws invalid_jobdata.
  Could this have anything to do with rfc or the executing user (which is of type SYSTEM)?

  I've caught the execption so there is no dump, but I'm unable to determine why the function module job_submit gives invalid_jobdata only when the executing user is the aleremote user and only when the call originated (the call to my module) from a remote system (the module job_submit is called locally thru my module). Authorization for the user is sap_all, but I was woundering maybe the user type system could be a problem?

• Password inconsistancy issue with RFC users in ECC 6.0 System after upgrade

  Hi,
  We have upgraded the system from 4.7 to ECC 6.0, but facing the password inconsistancy problem for RFC users. We have set the parameters like "login/min_password_lng" as "8" and "login/password_downwards_compatibility" as "3" & RFC user Type is "system". Could you please suggest how to resolve the password inconsistancy issue.

  Hi Chandan,
  you need to run the txn. SECSTORE and there it will shows you all the RFCs that have inconsistent passwords. Please maintain the correct passwords there.
  In case the existing passwords are no longer acceptable due to new security policies as per the new SAP version, you will have to change the password from SU01.
  Regards,
  Shitij

• Password for RFC USer

  Hi experts,
  We need to set the password for RFC User in small letters.But we are not able to do it ,because of our 'login/*' parameter values.
  Is there is any other method to create the password for User ID with small letters(Ex:welcome,hello)?
  Thanks in Advance,
  Karthika

  > > Login rules are not specific to user types. It is same for all type of users.
  > Sorry, this is not correct. The password validity rules are a good example which don't apply to SYSTEM and SERVICE type users. Other examples are the idle time rules and compliance to policy rules and the logon ticket rules and remote login via debugging rules and...
  >
  I tried to talk about is as per the ongoing discussion topic i.e. Case sensitiveness of Passwords and not other attributes. So from this point of view there is no such separate rule applies during admin imposed password or during a change (the cases where system prompts for changing password).
  > > From NAS 7 there is a change in the password rules.
  > There were major changes in 46B, and 6.10 and 6.40 as well, and Karthika still has not told us which release she is on.
  >
  Agreed totally.
  > > [Note 750390 - USR02: various problems with password attributes|https://service.sap.com/sap/support/notes/750390]
  > > [Note 624635 - Error messages with password change using RFC function|https://service.sap.com/sap/support/notes/624635]
  > I cannot see how these notes are related to this silly requirement of setting a lower-case only password.
  >
  I didn't went through in details fully but seen it contains a considerable error details.... may be of any help to OP.
  > I think either Karthika is playing a joke on us, or the person interviewing Karthika is playing a joke on her... These would be the only logical explanations left which I can see for for such a requirement.
  >
  May be.. but of course need more information and purpose of such strictness for setting such password. Also the FM PASSWORD_FORMAL_CHECK can be used with required customizations but you are the best person to tell this properly.
  regards,
  Dipanjan

• Central User Administration (CUA): Remote Change of User

  Dear experts,
  I have following CUA scenario within my company:
  We have a CUA which provides a couple of R/3 daughter systems/clients. Further we have a HR system stand-alone-system which is also integrated in our CUA.
  I tried to create a ABAP on the HR system which is changing the user masta data (especially the roles of a user) on the CUA system via RFC BAPI´s on a regular basis. Unfortunately it´s doesn´t works, because I don´t know the correct BAPI´s to change die CUA data. BAPI_USER_ACTGROUPS_ASSIGN changes only the locale R/3 user roles...
  In my opinion the CUA specific user roles are in table USLA04 - which will be doesn´t changed.
  Maybe somebody had the same requirements in the past and can help me? Thank you in advance!
  My coding so far:
  REPORT  zzh_t_role_change_zbv.
  PARAMETER: i_pernr TYPE pernr-pernr DEFAULT '90000007',
             i_usrid TYPE sy-uname DEFAULT 'SCHEFFLM',
             i_date  TYPE sy-datum DEFAULT sy-datum.
  DATA: lt_bapi_return    TYPE STANDARD TABLE OF bapiret2,
        lt_profiles       TYPE STANDARD TABLE OF bapiprof,
        lt_activitygroups TYPE STANDARD TABLE OF bapiagr.
  DATA: ls_bapi_return    TYPE bapiret2,
        ls_profiles       TYPE bapiprof,
        ls_activitygroups TYPE bapiagr.
  DATA: lv_zbv_sysid     TYPE sy-sysid,
        lv_zbv_clnt      TYPE sy-mandt,
        lv_zbv_logsys    TYPE uszbvlndsc-sendsystem,
        lv_zbv_rfc_dest  TYPE rfcdes-rfcdest,
        lv_usrid_zbv_get(10).
  lv_usrid_zbv_get = i_usrid.
  *--- Zentrale Benutzerverwaltung: Zentralsystem des Users ermitteln ---*
  CALL FUNCTION 'SUSR_ZBV_CENTRALSYSTEM_GET'
    EXPORTING
      delivery_model           = lv_usrid_zbv_get
    IMPORTING
      central_system_sysid     = lv_zbv_sysid
      central_system_clnt      = lv_zbv_clnt
      central_system_logsys    = lv_zbv_logsys
      central_system_rfc_dest  = lv_zbv_rfc_dest
    EXCEPTIONS
      duplicate_central_system = 1
      new_system               = 2
      OTHERS                   = 3.
  *** Errorhandling
  IF sy-subrc NE 0.
  ENDIF.
  *--- Existenz des Benutzers prüfen ---*
  CLEAR: ls_bapi_return.
  CALL FUNCTION 'BAPI_USER_EXISTENCE_CHECK' DESTINATION lv_zbv_logsys
    EXPORTING
      username = i_usrid
    IMPORTING
      return   = ls_bapi_return.
  *** Errorhandling
  IF ls_bapi_return-id EQ '088'. "Benutzer existiert nicht
  *** close RFC connection
    CALL FUNCTION 'RFC_CONNECTION_CLOSE'
      EXPORTING
        destination = lv_zbv_logsys.
    EXIT.
  ENDIF.
  *--- Rollenzuordnungem zum Benutzer lesen ---*
  CLEAR: lt_bapi_return.
  ***************SUSR_ZBV_ROLES_RESOLVE
  CALL FUNCTION 'BAPI_USER_GET_DETAIL' DESTINATION lv_zbv_logsys
    EXPORTING
      username            = i_usrid
  * IMPORTING
  *   ADDRESS              =
  *   LASTMODIFIED         =
  *   ISLOCKED             =
    TABLES
     profiles             = lt_profiles
     activitygroups       = lt_activitygroups
     return               = lt_bapi_return.
  *** Errorhandling
  LOOP AT lt_bapi_return INTO ls_bapi_return.
  ENDLOOP.
  IF ( ls_bapi_return-type EQ 'A' ) OR
     ( ls_bapi_return-type EQ 'E' ).
  *** close RFC connection
    CALL FUNCTION 'RFC_CONNECTION_CLOSE'
      EXPORTING
        destination = lv_zbv_logsys.
    EXIT.
  ENDIF.
  *** Gültigkeitszeitraum von Rollenzuordnung setzen
  CLEAR: ls_activitygroups.
  LOOP AT lt_activitygroups INTO ls_activitygroups.
    ls_activitygroups-to_dat = i_date.
    MODIFY lt_activitygroups FROM ls_activitygroups.
    CLEAR: ls_activitygroups.
  ENDLOOP.
  *--- gesamte Aktivitätsgruppenzuordnung ändern (zeitlich abgrenzen) ---*
  CLEAR: lt_bapi_return.
  *SUSR_USER_LOCAGR_ACTGROUPS_ADD
  *SUSR_USER_CHANG
  *CALL FUNCTION 'BAPI_USER_ACTGROUPS_ASSIGN' DESTINATION lv_zbv_logsys
  *  EXPORTING
  *    username       = i_usrid
  *  TABLES
  *    activitygroups = lt_activitygroups
  *    return         = lt_bapi_return.
  *--->SUSR_USER_LOCAGR_ACTGROUPS_PUT
  *--->SUSR_USER_PROFS_BUFFER_SAVECHK
  *--->SUSR_ZBV_USER_SYSTEM_SAVE
  *--->SUSR_USER_BUFFERS_TO_DB 
  *--->SUSR_USER_GROUP_BUFFERS_TO_DB ????
  *--->SUSR_USER_PROFS_BUFFER_TO_DB ????
  *--->SUSR_USER_LOCPRO_BUFFER_TO_DB ????
  *--->SUSR_UM_USR_AGR_BUFFERS_TO_DB ????
  *--->SUSR_UM_USR_SYS_BUFFERS_TO_DB ????
  *--->SUSR_USER_AGR_BUFFER_TO_DB ????
  *--->SUSR_USER_LOCAGR_BUFFER_TO_DB ????
  *Anmerkung: Profile werden nicht berücksichtigt, da diese eigentlich nicht
  *mehr in Verwendung sein sollten (nur noch Rollen)
  *--- Rückverteilung der geänderten Userdaten an Tochtersysteme ---*
  *SUSR_ZBV_USER_SINGLE_SEND
  *SUSR_ZBV_USER_SEND_BACK
  *SUSR_USER_DISTRIBUTE
  *** close RFC connection
  CALL FUNCTION 'RFC_CONNECTION_CLOSE'
    EXPORTING
      destination = lv_zbv_logsys.

  Try BAPI_USER_LOCACTGROUPS_ASSIGN

• Password change RFC

  Hey guys,
  Could you please tell me that which standard RFC is being called to change the user password?

  Hi there,
  I would expect it to be either
  CRM_ISAI_IUSER_PASSWORD_CHANGE
  CRM_ISA_IUSER_CHANGE
  Regards
  Mark

• Not able to use password with characters for RFC User.

  hi All,
  I have installed SAP SCM 5.0 with MaxDB 7.6and liveCache 7.6.
  I created RFC user and RFC destination to administer liveCache globally as per SAP notes 305634 and 452745. I changed the initial passwords and tested Remote login for RFC User.
  But when I try to start liveCache with startrfc following the link below
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/95/379f3cad1e3251e10000000a114084/frameset.htm
  I got the following error
  RFC Call/Exception: SYSTEM_FAILURE
  Group       Error group 104
  Key         RFC_ERROR_SYSTEM_FAILURE
  Message     Name or password is incorrect (repeat logon)
  Then I logged into the CI with RFC user and try to start the liveCache with RSLVCSTART T-Code SE38..I got the following error.
  Error DBMCLI_COMMAND_EXECUTE_ERROR when starting liveCache LCS on server saplcslc
  Message no. LVC007
  I tried by changing the password for RFC user to numeric [0-9] and special characters [$,:] which worked fine.
  Does anyone faced this issue earlier? I searched notes, sdn and finally google ... but no luck to resolve the issue.
  Your help is much appreciated.
  Thanks,
  Venkat

  Yes I used LCA as liveCache connection. I resolved the issue with RSLVCSTART. Thanks for your suggestion to run connection test. I used wrong password for control user in the LCA connection. Now LCA connection shows everything is fine.
  But I am still not able to use alphanumeric password RFC user to start the liveCache from command line. I get the following when run startrfc command...
  bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p Mach1cspsap\$ -l EN -F START_LIVECACHE_LVC -E IV_CON_NAME=LCA
  RFC Call/Exception: SYSTEM_FAILURE
  Group       Error group 104
  Key         RFC_ERROR_SYSTEM_FAILURE
  Message     Name or password is incorrect (repeat logon)
  bash-3.00$ echo $?
  1
  But I can start the liveCache from command line with numeric password successfully.
  bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p 19811983\$ -l EN -F STOP_LIVECACHE_LVC -E IV_CON_NAME=LCA
  bash-3.00$ echo $?
  0
  Note the difference between the passwords used. Do i need to change any settings to accept alphanumeric passwords for RFC user.
  Note that I am able to start liveCache server in both cases(alphanumeric password and numeric password) by logging into SAP GUI and RSLVCSTART program. The problem is only when i try to start the liveCache from the commandline.
  Any help will be much appreciated.
  Thanks,
  Venkat

• RFC-User in ChangeLog of Processorders

  Dear all,
  when a process order is changed in R/3 that is already integrated to APO then (after the process order has been sent to APO and back) the userid mentioned in the change log is the RFC-User.
  Is there any chance to supress this?
  Implementing the user-exit at order creation wouldn't be the best solution in terms of performance I think...
  Thanks,
  Niko

  Hi Niko - I believe the only way to change this is to do so in a user exit by changing the user in the control parameter structure for the CIF queue. EXIT_SAPLCORD_005 of CIFORD03 provides the spot to do so. This change is minimal and if coded correctly will have no impact on performance. The user who triggered the CIF transfer is in the same structure is_ctrlparams so that field can be moved to the user name field. I have never changed the user name before so you may want to look for other tables in the user exit that have the user or changed by fields.
  Regards
  Andy

• Rfc user

  hello all
  i configure a RFC connection and a RFC user .
  in the logon data   , what type i need to put in the windows ? and why ?
  thanks for the help
  eyal

  Hello Eyal,
  RFC user must be confirgured as type SYSTEM.
  Because:
  It is not possible tto use this type of user for a dialog logon.
  Users of this type are excepted from the usual settings for the validity period of a password.
  Only user administrators can change the password.
  Regards,
  Ammey Kesarkar
  <i>'Award points for useful info'</i>

• RFC USER USER TYPE- SYSTEM/SERVICE?

  Hi,
  We are using CTP method of GATP.
  Currently our user type for RFCUSER (Usermentioned in rfc destination) is service? It allows dialog mode this is security concern for us as RFC USER as all authorisations.
  When we changed it to system user it is giving error while triggering GATP. Also there is dump in SCM system with message
  "DYNPRO_SEND_IN_BACKGROUND"
  "/SAPAPO/SAPLATP4" or " "
  "SYSTEM-EXIT".
  pls. suggest solution
  Regards,
  Santosh

  Hi,
  This info i took it from help library.
  If you want the ATP check to be performed in SAP APO but triggered from SAP R/3, make sure when
  defining the RFC connection of the SAP APO system in SAP R/3 that you use a user ID for the SAP APO
  system that was created there as a dialog user.
  Thanks,
  nandha

• RFC user profile

  Hello,
  We are on SRM 5 and our RFC user to our backend is SAP_ALL.
  But for Sarbane Oaxley Controle we can't keep this SAP_ALL for this user.
  Does Someone knows wich profile or authorization we have to give to the RFC user?
  Thanks

  Hi,
  I am Putting the same information as per the note as per the note mentioned by Yaan(For those who dont have access for that note)
  <b>Solution</b>
  1. The RFC user should be created as a background user in the back-end system.
  2. If you do not want to use profile SAP_ALL for safety reasons, you can create your own profile with restricted basis authorizations:
  Call Transaction PFCG for the role maintenance and create your own role.
  In the role, go to the 'Authorizations' tab and choose 'Change Authorization Data'.
  Do not select ANY template on the dialog box.
  Choose menu option 'Edit -> Insert authorization(s) -> Full authorization' and confirm the dialog box 'Insert all authorizations' with 'Yes'.
  Choose menu option 'Utilities -> Technical names on'.
  For object class 'Basis  Administration' (BC_A), set the following authorization objects to inactive:
  System authorizations (S_ADMI_FCD)
  Authorizations: Check for roles (S_USER_AGR)
  User master maintenance: Authorizations (S_USER_AUT)
  User master maintenance: User groups (S_USER_GRP)
  Authorizations: Deactivate authorization objects globally (S_USER_OBJ)
  User master maintenance: Authorization profile (S_USER_PRO)
  Users: System specific assignment authorization checks (S_USER_SAS )
  User master maintenance: System for central user maintenance (S_USER_SYS )
  Authorizations: Transactions in roles (S_USER_TCD)
  Authorizations: Field values in roles (S_USER_VAL)
  For object class 'Basis  Development Environment' (BC_C), set the following authorization objects to inactive:
  ABAP Workbench (S_DEVELOP)
  Authorization for documentation maintenance via SE61 (S_DOKU_AUT)
  Maintenance of glossary and terminology objects (S_TERM_AUT)
  Authorization object for translation environment (S_TRANSLAT)
  Transport Organizer (S_TRANSPRT)
  Generate and save the authorizations, profiles and role.
  3. Assign the new role to your RFC user by using Transaction SU01.
  Cheers...
  Santosh

• RFC user get's locked

  Hi experts,
                    We are using rfc_cua user for RFC communication between R/3 prd server and E-Rec prd server. Here issue is frequesntly rfc_cua user get's locked automatically. if we unlock the id it will work fine for one or two day and again it will get locked, There is no same amount of time  gap between locking of this ID every time time. Kindly help me how to trace this issue.
  Regards,
  Sampath.

  Are you using CUA or rfc user has been named just like that & what is E-Rec prd server .. is it SAP or something else ?
  Dont u find something in change log of this user ??
  thanks
  ashish

• Order not getting saved with RFC user

  Hi CRM experts,
  We have custom report to update payment card details in CRM order. For an error order when I try to update the card details in CRM it successfully deactivates the "Contains Error(I1030)" status and saves the order.
  Whereas the same error order when I try to update the card details through external system, the user is RFC user, the program does not deactivates the status I1030 and the order gets saved with error.
  Initially I thought it is an authorization issue with RFC user, so I tried applying SAP_ALL access to RFC user but it did not work.
  Kindly suggest the possible solution.
  Thanks in advance
  Meenu.

  Hi Meenu,
  The standard one order framework works in such a way that when any changes to any object like PARTNER , HEADER , ITEMS , CARDS etc take place, then after changes done, the system checks for any inconsistency for that particular object and displays error messages accordingly.
  At the next change, the check runs again and the messages are removed. The checks are run through the standard event framework of BEFORE and AFTER. So in case the error messages are not getting removed, it means that these events are not getting triggered properly. I think that you are using individual FM for changing the details which could be something like CRM*CARD*MAINTAIN*OW*, you can try using CRM_ORDER_MAINTAIN, as this FM triggers all events correctly.
  /Hasan