Changing RFC user
Dear All,
We are using SRM classic scenario process ( SRM 5)
Accordig to SAP Note 938411 , we have to change the RFC user to RFCUSER ,
( It was SAPRFC) ,
This change caused us a problem on creating SC ( Runtime Error " GETWA_NOT_ASSIGNED" on ST22).
We appreciate to get more information on this issue.
Best Regards,
Moshe
Message was edited by:
Moshe Stein
Message was edited by:
Moshe Stein
Message was edited by:
Moshe Stein
Hi
<u>Which R/3 system version are you using ?</u>
Please ensure the following settings have made made correctly in R/3 back-end system.
<b>Be sure only ht follwoing changes as suggested in SAP OSS Note 938411 are done.</b>
<u>FUNCTION BAPI_GOODSMVT_CREATE</u>
<b>Delta 001Context Block </b>
* map head to internal structure **************************************
CALL FUNCTION 'MAP2I_B2017_GM_HEAD_01_TO_IMKP'
EXPORTING
BAPI2017_GM_HEAD_01 = GOODSMVT_HEADER
CHANGING
IMKPF = S_IMKPF.
<b>Delete Block</b>
S_IMKPF-USNAM = SY-UNAME.
<b>Insert Block </b>
IF SY-UNAME = 'RFCUSER'.
S_IMKPF-USNAM = GOODSMVT_HEADER-PR_UNAME.
ELSE.
S_IMKPF-USNAM = SY-UNAME.
Don't forget to activate the Function module <u>FUNCTION BAPI_GOODSMVT_CREATE</u> after making the changes in R/3 backend.
Also, Please read OSS Note for RFC User details.
Note 642202 - EBP user admin: RFC user profile in back end/plug-in
Do let me know.
Hope this will definitely help.
Regards
- Atul
Similar Messages
-
Problem in RFC as JCO changed from user/password to SSO
Hi all
Initially i was using CO with user/password properties but now it has been changed to SO.
In my webdynpro project there are 3 RFC Models being used.
Out of which 2 are working fine and giving the desired results but 1 RFC works fine on the R/3 side but from the webdynpro side it does not work just displays bapireturn - "Not successful".
As the properties of the JCO changes to USer/password , the RFC works fine giving the desired results
Plz let me know wht cld be the problem
Thanks and RegardsVindhya,
With SSO, the details of the user who's logged in goto R/3 and thus determines if the user has authorizations to run this RFC. This user could be different from the user you were using previously without SSO.
Meaning, this time, with SSO, the user is you whereas the user for user/pwd is someone else and you dont have authorizations to run the RFC??
And another thing, even if you can successfully run that RFC logging into R/3, your userid may not have RFC authorizations (which is required to do a RFC call). IF thats the case, you need to talk to your security/basis guys.
Lemme know if that could be the case in your situation.
Rajit
Message was edited by:
Rajit Srinivas -
RFC Adapter Receiver - change SAP User for each call
Hi guys,
I need to create one connection between PI and SAP, all right, i can use RFC Adapter Receiver, no problem.
But, for each call i need to use User and Password different, then, I would pass SAP User and Password in my XML Payload.
Can anybody help me, please?hi,
>>But, for each call i need to use User and Password different, then, I would pass SAP User and Password in my XML Payload.
sure we can help you but no in this way:)
it is possible to change the user for RFC adapter but using
principal propagation:
/people/alexander.bundschuh/blog/2007/01/16/principal-propagation-in-sap-xi
this is the way you need to go and not send password in XML payload
(this is certainly not the way and no client will approve it)
why use a password is anyone can see it ?
Regards,
Michal Krawczyk -
Invalid_jobdata when submitting job with rfc user
Hi,
I've created a function module in the erp system to remotly trigger a report program by a bw prossess chain.
When running in the forground it works fine, but the runtime is so long that I want it as a background job.
So I call job_open, job_submit, job_close in the function module. When I test the function module in the erp system with my dev user it opens a new job, adds a step and release correctly. It also runs fine if I intercept it in the debugger and change sy-uname to aleremote (the standard rfc user).
It does not work when it's acctually called rfc from the bw system. The job is opened, but job_submit throws invalid_jobdata.
Could this have anything to do with rfc or the executing user (which is of type SYSTEM)?I've caught the execption so there is no dump, but I'm unable to determine why the function module job_submit gives invalid_jobdata only when the executing user is the aleremote user and only when the call originated (the call to my module) from a remote system (the module job_submit is called locally thru my module). Authorization for the user is sap_all, but I was woundering maybe the user type system could be a problem?
-
Password inconsistancy issue with RFC users in ECC 6.0 System after upgrade
Hi,
We have upgraded the system from 4.7 to ECC 6.0, but facing the password inconsistancy problem for RFC users. We have set the parameters like "login/min_password_lng" as "8" and "login/password_downwards_compatibility" as "3" & RFC user Type is "system". Could you please suggest how to resolve the password inconsistancy issue.Hi Chandan,
you need to run the txn. SECSTORE and there it will shows you all the RFCs that have inconsistent passwords. Please maintain the correct passwords there.
In case the existing passwords are no longer acceptable due to new security policies as per the new SAP version, you will have to change the password from SU01.
Regards,
Shitij -
Hi experts,
We need to set the password for RFC User in small letters.But we are not able to do it ,because of our 'login/*' parameter values.
Is there is any other method to create the password for User ID with small letters(Ex:welcome,hello)?
Thanks in Advance,
Karthika> > Login rules are not specific to user types. It is same for all type of users.
> Sorry, this is not correct. The password validity rules are a good example which don't apply to SYSTEM and SERVICE type users. Other examples are the idle time rules and compliance to policy rules and the logon ticket rules and remote login via debugging rules and...
>
I tried to talk about is as per the ongoing discussion topic i.e. Case sensitiveness of Passwords and not other attributes. So from this point of view there is no such separate rule applies during admin imposed password or during a change (the cases where system prompts for changing password).
> > From NAS 7 there is a change in the password rules.
> There were major changes in 46B, and 6.10 and 6.40 as well, and Karthika still has not told us which release she is on.
>
Agreed totally.
> > [Note 750390 - USR02: various problems with password attributes|https://service.sap.com/sap/support/notes/750390]
> > [Note 624635 - Error messages with password change using RFC function|https://service.sap.com/sap/support/notes/624635]
> I cannot see how these notes are related to this silly requirement of setting a lower-case only password.
>
I didn't went through in details fully but seen it contains a considerable error details.... may be of any help to OP.
> I think either Karthika is playing a joke on us, or the person interviewing Karthika is playing a joke on her... These would be the only logical explanations left which I can see for for such a requirement.
>
May be.. but of course need more information and purpose of such strictness for setting such password. Also the FM PASSWORD_FORMAL_CHECK can be used with required customizations but you are the best person to tell this properly.
regards,
Dipanjan -
Central User Administration (CUA): Remote Change of User
Dear experts,
I have following CUA scenario within my company:
We have a CUA which provides a couple of R/3 daughter systems/clients. Further we have a HR system stand-alone-system which is also integrated in our CUA.
I tried to create a ABAP on the HR system which is changing the user masta data (especially the roles of a user) on the CUA system via RFC BAPI´s on a regular basis. Unfortunately it´s doesn´t works, because I don´t know the correct BAPI´s to change die CUA data. BAPI_USER_ACTGROUPS_ASSIGN changes only the locale R/3 user roles...
In my opinion the CUA specific user roles are in table USLA04 - which will be doesn´t changed.
Maybe somebody had the same requirements in the past and can help me? Thank you in advance!
My coding so far:
REPORT zzh_t_role_change_zbv.
PARAMETER: i_pernr TYPE pernr-pernr DEFAULT '90000007',
i_usrid TYPE sy-uname DEFAULT 'SCHEFFLM',
i_date TYPE sy-datum DEFAULT sy-datum.
DATA: lt_bapi_return TYPE STANDARD TABLE OF bapiret2,
lt_profiles TYPE STANDARD TABLE OF bapiprof,
lt_activitygroups TYPE STANDARD TABLE OF bapiagr.
DATA: ls_bapi_return TYPE bapiret2,
ls_profiles TYPE bapiprof,
ls_activitygroups TYPE bapiagr.
DATA: lv_zbv_sysid TYPE sy-sysid,
lv_zbv_clnt TYPE sy-mandt,
lv_zbv_logsys TYPE uszbvlndsc-sendsystem,
lv_zbv_rfc_dest TYPE rfcdes-rfcdest,
lv_usrid_zbv_get(10).
lv_usrid_zbv_get = i_usrid.
*--- Zentrale Benutzerverwaltung: Zentralsystem des Users ermitteln ---*
CALL FUNCTION 'SUSR_ZBV_CENTRALSYSTEM_GET'
EXPORTING
delivery_model = lv_usrid_zbv_get
IMPORTING
central_system_sysid = lv_zbv_sysid
central_system_clnt = lv_zbv_clnt
central_system_logsys = lv_zbv_logsys
central_system_rfc_dest = lv_zbv_rfc_dest
EXCEPTIONS
duplicate_central_system = 1
new_system = 2
OTHERS = 3.
*** Errorhandling
IF sy-subrc NE 0.
ENDIF.
*--- Existenz des Benutzers prüfen ---*
CLEAR: ls_bapi_return.
CALL FUNCTION 'BAPI_USER_EXISTENCE_CHECK' DESTINATION lv_zbv_logsys
EXPORTING
username = i_usrid
IMPORTING
return = ls_bapi_return.
*** Errorhandling
IF ls_bapi_return-id EQ '088'. "Benutzer existiert nicht
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
EXPORTING
destination = lv_zbv_logsys.
EXIT.
ENDIF.
*--- Rollenzuordnungem zum Benutzer lesen ---*
CLEAR: lt_bapi_return.
***************SUSR_ZBV_ROLES_RESOLVE
CALL FUNCTION 'BAPI_USER_GET_DETAIL' DESTINATION lv_zbv_logsys
EXPORTING
username = i_usrid
* IMPORTING
* ADDRESS =
* LASTMODIFIED =
* ISLOCKED =
TABLES
profiles = lt_profiles
activitygroups = lt_activitygroups
return = lt_bapi_return.
*** Errorhandling
LOOP AT lt_bapi_return INTO ls_bapi_return.
ENDLOOP.
IF ( ls_bapi_return-type EQ 'A' ) OR
( ls_bapi_return-type EQ 'E' ).
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
EXPORTING
destination = lv_zbv_logsys.
EXIT.
ENDIF.
*** Gültigkeitszeitraum von Rollenzuordnung setzen
CLEAR: ls_activitygroups.
LOOP AT lt_activitygroups INTO ls_activitygroups.
ls_activitygroups-to_dat = i_date.
MODIFY lt_activitygroups FROM ls_activitygroups.
CLEAR: ls_activitygroups.
ENDLOOP.
*--- gesamte Aktivitätsgruppenzuordnung ändern (zeitlich abgrenzen) ---*
CLEAR: lt_bapi_return.
*SUSR_USER_LOCAGR_ACTGROUPS_ADD
*SUSR_USER_CHANG
*CALL FUNCTION 'BAPI_USER_ACTGROUPS_ASSIGN' DESTINATION lv_zbv_logsys
* EXPORTING
* username = i_usrid
* TABLES
* activitygroups = lt_activitygroups
* return = lt_bapi_return.
*--->SUSR_USER_LOCAGR_ACTGROUPS_PUT
*--->SUSR_USER_PROFS_BUFFER_SAVECHK
*--->SUSR_ZBV_USER_SYSTEM_SAVE
*--->SUSR_USER_BUFFERS_TO_DB
*--->SUSR_USER_GROUP_BUFFERS_TO_DB ????
*--->SUSR_USER_PROFS_BUFFER_TO_DB ????
*--->SUSR_USER_LOCPRO_BUFFER_TO_DB ????
*--->SUSR_UM_USR_AGR_BUFFERS_TO_DB ????
*--->SUSR_UM_USR_SYS_BUFFERS_TO_DB ????
*--->SUSR_USER_AGR_BUFFER_TO_DB ????
*--->SUSR_USER_LOCAGR_BUFFER_TO_DB ????
*Anmerkung: Profile werden nicht berücksichtigt, da diese eigentlich nicht
*mehr in Verwendung sein sollten (nur noch Rollen)
*--- Rückverteilung der geänderten Userdaten an Tochtersysteme ---*
*SUSR_ZBV_USER_SINGLE_SEND
*SUSR_ZBV_USER_SEND_BACK
*SUSR_USER_DISTRIBUTE
*** close RFC connection
CALL FUNCTION 'RFC_CONNECTION_CLOSE'
EXPORTING
destination = lv_zbv_logsys.Try BAPI_USER_LOCACTGROUPS_ASSIGN
-
Hey guys,
Could you please tell me that which standard RFC is being called to change the user password?Hi there,
I would expect it to be either
CRM_ISAI_IUSER_PASSWORD_CHANGE
CRM_ISA_IUSER_CHANGE
Regards
Mark -
Not able to use password with characters for RFC User.
hi All,
I have installed SAP SCM 5.0 with MaxDB 7.6and liveCache 7.6.
I created RFC user and RFC destination to administer liveCache globally as per SAP notes 305634 and 452745. I changed the initial passwords and tested Remote login for RFC User.
But when I try to start liveCache with startrfc following the link below
http://help.sap.com/erp2005_ehp_04/helpdata/EN/95/379f3cad1e3251e10000000a114084/frameset.htm
I got the following error
RFC Call/Exception: SYSTEM_FAILURE
Group Error group 104
Key RFC_ERROR_SYSTEM_FAILURE
Message Name or password is incorrect (repeat logon)
Then I logged into the CI with RFC user and try to start the liveCache with RSLVCSTART T-Code SE38..I got the following error.
Error DBMCLI_COMMAND_EXECUTE_ERROR when starting liveCache LCS on server saplcslc
Message no. LVC007
I tried by changing the password for RFC user to numeric [0-9] and special characters [$,:] which worked fine.
Does anyone faced this issue earlier? I searched notes, sdn and finally google ... but no luck to resolve the issue.
Your help is much appreciated.
Thanks,
VenkatYes I used LCA as liveCache connection. I resolved the issue with RSLVCSTART. Thanks for your suggestion to run connection test. I used wrong password for control user in the LCA connection. Now LCA connection shows everything is fine.
But I am still not able to use alphanumeric password RFC user to start the liveCache from command line. I get the following when run startrfc command...
bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p Mach1cspsap\$ -l EN -F START_LIVECACHE_LVC -E IV_CON_NAME=LCA
RFC Call/Exception: SYSTEM_FAILURE
Group Error group 104
Key RFC_ERROR_SYSTEM_FAILURE
Message Name or password is incorrect (repeat logon)
bash-3.00$ echo $?
1
But I can start the liveCache from command line with numeric password successfully.
bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p 19811983\$ -l EN -F STOP_LIVECACHE_LVC -E IV_CON_NAME=LCA
bash-3.00$ echo $?
0
Note the difference between the passwords used. Do i need to change any settings to accept alphanumeric passwords for RFC user.
Note that I am able to start liveCache server in both cases(alphanumeric password and numeric password) by logging into SAP GUI and RSLVCSTART program. The problem is only when i try to start the liveCache from the commandline.
Any help will be much appreciated.
Thanks,
Venkat -
RFC-User in ChangeLog of Processorders
Dear all,
when a process order is changed in R/3 that is already integrated to APO then (after the process order has been sent to APO and back) the userid mentioned in the change log is the RFC-User.
Is there any chance to supress this?
Implementing the user-exit at order creation wouldn't be the best solution in terms of performance I think...
Thanks,
NikoHi Niko - I believe the only way to change this is to do so in a user exit by changing the user in the control parameter structure for the CIF queue. EXIT_SAPLCORD_005 of CIFORD03 provides the spot to do so. This change is minimal and if coded correctly will have no impact on performance. The user who triggered the CIF transfer is in the same structure is_ctrlparams so that field can be moved to the user name field. I have never changed the user name before so you may want to look for other tables in the user exit that have the user or changed by fields.
Regards
Andy -
hello all
i configure a RFC connection and a RFC user .
in the logon data , what type i need to put in the windows ? and why ?
thanks for the help
eyalHello Eyal,
RFC user must be confirgured as type SYSTEM.
Because:
It is not possible tto use this type of user for a dialog logon.
Users of this type are excepted from the usual settings for the validity period of a password.
Only user administrators can change the password.
Regards,
Ammey Kesarkar
<i>'Award points for useful info'</i> -
RFC USER USER TYPE- SYSTEM/SERVICE?
Hi,
We are using CTP method of GATP.
Currently our user type for RFCUSER (Usermentioned in rfc destination) is service? It allows dialog mode this is security concern for us as RFC USER as all authorisations.
When we changed it to system user it is giving error while triggering GATP. Also there is dump in SCM system with message
"DYNPRO_SEND_IN_BACKGROUND"
"/SAPAPO/SAPLATP4" or " "
"SYSTEM-EXIT".
pls. suggest solution
Regards,
SantoshHi,
This info i took it from help library.
If you want the ATP check to be performed in SAP APO but triggered from SAP R/3, make sure when
defining the RFC connection of the SAP APO system in SAP R/3 that you use a user ID for the SAP APO
system that was created there as a dialog user.
Thanks,
nandha -
Hello,
We are on SRM 5 and our RFC user to our backend is SAP_ALL.
But for Sarbane Oaxley Controle we can't keep this SAP_ALL for this user.
Does Someone knows wich profile or authorization we have to give to the RFC user?
ThanksHi,
I am Putting the same information as per the note as per the note mentioned by Yaan(For those who dont have access for that note)
<b>Solution</b>
1. The RFC user should be created as a background user in the back-end system.
2. If you do not want to use profile SAP_ALL for safety reasons, you can create your own profile with restricted basis authorizations:
Call Transaction PFCG for the role maintenance and create your own role.
In the role, go to the 'Authorizations' tab and choose 'Change Authorization Data'.
Do not select ANY template on the dialog box.
Choose menu option 'Edit -> Insert authorization(s) -> Full authorization' and confirm the dialog box 'Insert all authorizations' with 'Yes'.
Choose menu option 'Utilities -> Technical names on'.
For object class 'Basis Administration' (BC_A), set the following authorization objects to inactive:
System authorizations (S_ADMI_FCD)
Authorizations: Check for roles (S_USER_AGR)
User master maintenance: Authorizations (S_USER_AUT)
User master maintenance: User groups (S_USER_GRP)
Authorizations: Deactivate authorization objects globally (S_USER_OBJ)
User master maintenance: Authorization profile (S_USER_PRO)
Users: System specific assignment authorization checks (S_USER_SAS )
User master maintenance: System for central user maintenance (S_USER_SYS )
Authorizations: Transactions in roles (S_USER_TCD)
Authorizations: Field values in roles (S_USER_VAL)
For object class 'Basis Development Environment' (BC_C), set the following authorization objects to inactive:
ABAP Workbench (S_DEVELOP)
Authorization for documentation maintenance via SE61 (S_DOKU_AUT)
Maintenance of glossary and terminology objects (S_TERM_AUT)
Authorization object for translation environment (S_TRANSLAT)
Transport Organizer (S_TRANSPRT)
Generate and save the authorizations, profiles and role.
3. Assign the new role to your RFC user by using Transaction SU01.
Cheers...
Santosh -
Hi experts,
We are using rfc_cua user for RFC communication between R/3 prd server and E-Rec prd server. Here issue is frequesntly rfc_cua user get's locked automatically. if we unlock the id it will work fine for one or two day and again it will get locked, There is no same amount of time gap between locking of this ID every time time. Kindly help me how to trace this issue.
Regards,
Sampath.Are you using CUA or rfc user has been named just like that & what is E-Rec prd server .. is it SAP or something else ?
Dont u find something in change log of this user ??
thanks
ashish -
Order not getting saved with RFC user
Hi CRM experts,
We have custom report to update payment card details in CRM order. For an error order when I try to update the card details in CRM it successfully deactivates the "Contains Error(I1030)" status and saves the order.
Whereas the same error order when I try to update the card details through external system, the user is RFC user, the program does not deactivates the status I1030 and the order gets saved with error.
Initially I thought it is an authorization issue with RFC user, so I tried applying SAP_ALL access to RFC user but it did not work.
Kindly suggest the possible solution.
Thanks in advance
Meenu.Hi Meenu,
The standard one order framework works in such a way that when any changes to any object like PARTNER , HEADER , ITEMS , CARDS etc take place, then after changes done, the system checks for any inconsistency for that particular object and displays error messages accordingly.
At the next change, the check runs again and the messages are removed. The checks are run through the standard event framework of BEFORE and AFTER. So in case the error messages are not getting removed, it means that these events are not getting triggered properly. I think that you are using individual FM for changing the details which could be something like CRM*CARD*MAINTAIN*OW*, you can try using CRM_ORDER_MAINTAIN, as this FM triggers all events correctly.
/Hasan
Maybe you are looking for
-
Hi all, I have a 2013 farm set up with the App model 1 web application for path based site collection using host name 1 web application with SSL (no host name) 1 web application for mysite My business request is that I need to migrate SSL enabled 20
-
How do i transfer photos from camera roll to photostream on my iPad2?
I have 100s of pics on my iPad2 and set up Photostream ages ago, but only 2 pics are on it. I want to transfer all of my photos to Photostream so they appear in iCloud and so I can delete them from iPad2 and free up storage space. How do I do this?
-
Cannot access common websites security certificate not trusted
I am unable to get to many frequently accessed websites from either Chrome or Safari due to Security Certificate Trust issues. I have been attempting to access Paypal all afternoon without success, as there is no "Proceed anyway" button. I was only a
-
R3 (rfc-sender) - XI - Webservice ( soap-receiver) Alert monitoring
Hi, I am getting multple(two times) alerts for same message id when interface got failed, i am getting total 4 e-mails to my Inbox mail. Any one can plese suggest me to get single message for entire interface when it gets failed. Thanks, Siva
-
Replication of 'Variant' data from R/3 (ECC) to CRM
Hi all, We are trying to replicate entries in R/3 tables CAWN and CABN whith Class type '300' (Variant). We have replicated (R3AS) the objects 'Class' and 'Attribute' but cannot find the information in CRM afterwards. The status is in SMW01 is green