Replace RFC user ID of backend ERP docment

Similar Messages

• RFC user profile

  Hello,
  We are on SRM 5 and our RFC user to our backend is SAP_ALL.
  But for Sarbane Oaxley Controle we can't keep this SAP_ALL for this user.
  Does Someone knows wich profile or authorization we have to give to the RFC user?
  Thanks

  Hi,
  I am Putting the same information as per the note as per the note mentioned by Yaan(For those who dont have access for that note)
  <b>Solution</b>
  1. The RFC user should be created as a background user in the back-end system.
  2. If you do not want to use profile SAP_ALL for safety reasons, you can create your own profile with restricted basis authorizations:
  Call Transaction PFCG for the role maintenance and create your own role.
  In the role, go to the 'Authorizations' tab and choose 'Change Authorization Data'.
  Do not select ANY template on the dialog box.
  Choose menu option 'Edit -> Insert authorization(s) -> Full authorization' and confirm the dialog box 'Insert all authorizations' with 'Yes'.
  Choose menu option 'Utilities -> Technical names on'.
  For object class 'Basis  Administration' (BC_A), set the following authorization objects to inactive:
  System authorizations (S_ADMI_FCD)
  Authorizations: Check for roles (S_USER_AGR)
  User master maintenance: Authorizations (S_USER_AUT)
  User master maintenance: User groups (S_USER_GRP)
  Authorizations: Deactivate authorization objects globally (S_USER_OBJ)
  User master maintenance: Authorization profile (S_USER_PRO)
  Users: System specific assignment authorization checks (S_USER_SAS )
  User master maintenance: System for central user maintenance (S_USER_SYS )
  Authorizations: Transactions in roles (S_USER_TCD)
  Authorizations: Field values in roles (S_USER_VAL)
  For object class 'Basis  Development Environment' (BC_C), set the following authorization objects to inactive:
  ABAP Workbench (S_DEVELOP)
  Authorization for documentation maintenance via SE61 (S_DOKU_AUT)
  Maintenance of glossary and terminology objects (S_TERM_AUT)
  Authorization object for translation environment (S_TRANSLAT)
  Transport Organizer (S_TRANSPRT)
  Generate and save the authorizations, profiles and role.
  3. Assign the new role to your RFC user by using Transaction SU01.
  Cheers...
  Santosh

• Remove RFC calls between SRM and ERP

  Hi,
  Did any of you ever worked on removing RFC calls between SRM and ERP systems?
  Does SAP maintains a lost of these built-in RFC calls?
  What are the known constraints to replace them by webservice calls ?
  Thanks
  Yann

  Hi Yann,
  There is nothing on the SAP database for SRM and the backend using webservice.
  There is for connections to SRM catalog.
  I haven't heard anything about plans to change this.
  Hope this helps,
  Kind Regards,
  Matthew

• Invalid_jobdata when submitting job with rfc user

  Hi,
  I've created a function module in the erp system to remotly trigger a report program by a bw prossess chain.
  When running in the forground it works fine, but the runtime is so long that I want it as a background job.
  So I call job_open, job_submit, job_close in the function module. When I test the function module in the erp system with my dev user it opens a new job, adds a step and release correctly. It also runs fine if I intercept it in the debugger and change sy-uname to aleremote (the standard rfc user).
  It does not work when it's acctually called rfc from the bw system. The job is opened, but job_submit throws invalid_jobdata.
  Could this have anything to do with rfc or the executing user (which is of type SYSTEM)?

  I've caught the execption so there is no dump, but I'm unable to determine why the function module job_submit gives invalid_jobdata only when the executing user is the aleremote user and only when the call originated (the call to my module) from a remote system (the module job_submit is called locally thru my module). Authorization for the user is sap_all, but I was woundering maybe the user type system could be a problem?

• JCO getDefaultConnection() not using RFC user from XCM

  Hello,
  I am writing a custom backend class to call a custom function module in R3 to get some data. As this has to run before the application start page is loaded, I have used a exit before the /b2b/startapp.do is called.
  The problem here is that when I am using the getDefaultJCoConnection() method in the backend class which extends the IsaBackendBusinessObjectBaseSAP class, the JCO user is determined as the application user rather than the RFC user which I have configured in XCM. Because of this there is an authorization error as the application user does not have auth to the custom function group.
  I have written many other exits in the application and they are all working fine and picking up the RFC user which has relevant authorizations.
  Am I missing something here?
  Pradeep

  Thanks Easwar
  stateless was giving me other issues.
  I managed to solve the problem with the below code.
  ManagedConnectionFactoryConfig mConfig = (ManagedConnectionFactoryConfig)    (getConnectionFactory().getManagedConnectionFactoryConfigs().get("JCO"));
  Properties props = mConfig.getConnectionDefinition("ISA_COMPLETE").getProperties();
  connection = getDefaultJCoConnection(props);
  Pradeep

• RFC User for satellite systems

  Hello Gurus,
  I just wanted to ask about one issue. We are a SAP partner and using Solution Manager in VARs scenario. There are many systems of our customers connected to our Solution Manager..
  Now I want to ask about RFC user(s). As I see, in our Solution Manager there are many users(communications type C) with Synthax SOLMAN<system id> or something like that. It means basically, that we have for every particular customerS system one SOLMAN user for RFC(cust_scout) in our Solution Manager. My question is if we can replace all of these users with only one RFC user for all the systems and customers?
  Many thanks in advance for your help
  Miloslav Pudil
  IDS Scheer
  Prague
  Czech Republic

  >
  Miloslav Pudil wrote:
  > I just wanted to ask about one issue. We are a SAP partner and using Solution Manager in VARs scenario. There are many systems of our customers connected to our Solution Manager..
  > Now I want to ask about RFC user(s). As I see, in our Solution Manager there are many users(communications type C) with Synthax SOLMAN<system id> or something like that. It means basically, that we have for every particular customerS system one SOLMAN user for RFC(cust_scout) in our Solution Manager. My question is if we can replace all of these users with only one RFC user for all the systems and customers?
  Hi Miloslav,
  Technically, it will work that you define one common RFC user in your SolMan for communication (RFC BACK destination) from all connected managed systems.
  BUT, I would never recommend it.
  Once a managed system cause issues in your SolMan, you are not able (or at least it's much more difficult) to identify the managed system. Same happens, if a invalid password in the BACK destination leads to a locked user.
  My recommendation: Spend the extra effort in creating a user per managed system. Operation will be much easier later.
  See also this guide:
  [Activating EarlyWatch Alert [EWA] in End Customeru2019s System |http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000089947&_OBJECT=011000358700000567342009E]
  Best regards,
  Ruediger

• Changing RFC user

  Dear All,
  We are using SRM classic scenario process ( SRM 5)
  Accordig to SAP Note 938411 , we have to change the RFC user to RFCUSER ,
  (  It was SAPRFC) ,
  This change caused us a problem on creating SC ( Runtime Error " GETWA_NOT_ASSIGNED" on ST22).
  We appreciate to get more information on this issue.
  Best Regards,
  Moshe
  Message was edited by:
          Moshe Stein
  Message was edited by:
          Moshe Stein
  Message was edited by:
          Moshe Stein

  Hi
  <u>Which R/3 system version are you using ?</u>
  Please ensure the following settings have made made correctly in R/3 back-end system.
  <b>Be sure only ht follwoing changes as suggested in SAP OSS Note 938411  are done.</b>
  <u>FUNCTION BAPI_GOODSMVT_CREATE</u>
  <b>Delta 001Context Block </b>
  * map head to internal structure **************************************
    CALL FUNCTION 'MAP2I_B2017_GM_HEAD_01_TO_IMKP'
         EXPORTING
              BAPI2017_GM_HEAD_01 = GOODSMVT_HEADER
         CHANGING
              IMKPF               = S_IMKPF.
  <b>Delete Block</b> 
     S_IMKPF-USNAM = SY-UNAME.
  <b>Insert Block </b>
     IF SY-UNAME = 'RFCUSER'.
       S_IMKPF-USNAM = GOODSMVT_HEADER-PR_UNAME.
     ELSE.
       S_IMKPF-USNAM = SY-UNAME.
  Don't forget to activate the Function module   <u>FUNCTION BAPI_GOODSMVT_CREATE</u> after making the changes in R/3 backend.
  Also, Please read OSS Note for RFC User details.
  Note 642202 - EBP user admin: RFC user profile in back end/plug-in
  Do let me know.
  Hope this will definitely help.
  Regards
  - Atul

• Password inconsistancy issue with RFC users in ECC 6.0 System after upgrade

  Hi,
  We have upgraded the system from 4.7 to ECC 6.0, but facing the password inconsistancy problem for RFC users. We have set the parameters like "login/min_password_lng" as "8" and "login/password_downwards_compatibility" as "3" & RFC user Type is "system". Could you please suggest how to resolve the password inconsistancy issue.

  Hi Chandan,
  you need to run the txn. SECSTORE and there it will shows you all the RFCs that have inconsistent passwords. Please maintain the correct passwords there.
  In case the existing passwords are no longer acceptable due to new security policies as per the new SAP version, you will have to change the password from SU01.
  Regards,
  Shitij

• Mapping of single Portal users to multiple backend user

  Hello Experts,
  It is possible to map single portal user to the multiple R/3 user? If yes, than what is procedure to achieve it?
  I have a SAP Portal where some users have 2 user ID in ECC, but I need to in Portal the users have only one user ID and password. How can I do to these users can select between their 2 profiles in ECC? Is posible?
  Thanks!
  Regards

  Hi,
  This is not possible since  you would have used SSO to connect to the Backend. Either it is SSO or User Mapping is done, Portal User can only access the Backend with one User ID.
  If you use SSO, for Example if the Portal User is UserA then you would have the UserA in the Backend too. It will use the UserA in backend to access.  (Note: Single User can't access multiple Backend. Since we would have already maintained the Backend Connection details in the System and also in JCo Destination. So it is not possible for a User to access the Backend with two different Backends)
  If you use User Mapping, then you can decide the User which it should use. (For ESS/MSS this is not recommended and it is not feasible too).
  Regards,
  Baskar.N

• RFC function module always creating BPs with the same user name (RFC user )

  Hi All
  I posted the below question in a different area before. But thought it would be more suitable here.
  Moderators - Please let me know if am doing any mistake.
  Question:
  I have a RFC function module in CRM that creates Business Partners in ECC (XD01 tcode).
  I am using a dialog RFC destination configured in SM59 in CRM.
  But my RFC function module in CRM is always creating the Business Partners in ECC with the RFC user id (the user that we maintain for the RFC destination in SM59).
  This is a problem for the users because they are not able to track the actual person responsible for creating these Business Partners.
  Can somebody please let me know how to solve this problem?
  Thanks
  Raj

  Hi.
  You may use the trust relationship between CRM and R/3 and in SM59 instead of set a specific username, you set the flag "current user".
  With this flag, the system will access R/3 system with the user logged in CRM system. The Trust relationship must be created between CRM and R/3 in order to the system doesn't ask for a password to login in R/3.
  If you need more details please reply.
  Kind regards,
  Susana Messias

• Authorization Required for RFC user  in R/3-APO system.

  Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user  id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and  provide the required the authorization in R/3 and APO system.
  Regard
  Auroshikha

  The RFC authorisation depends completely on what the user is doing (ALEREMOTE?).  We can't tell you what RFC auths your connection requires. 
  There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections

• AUTO PO print out creates spool with RFC user.

  We have classic scenario where AUTO SRM PO print out spool is create with RFC user. While PO data is passing to R/3 is correct with correct user (created_by). Out put is created on the name with RFC user not with user who create SRM SC& PO. BADI BBP_CREATE_PO_BACK will help?

  Hi Vishal,
  Welcome to SDN.
  Do they use custom PO SAPScript/Smartform?
  If they do, you may want to check the print program (custom one) and the custom PO form. Perhaps there is some logic to set/display with the european decimal notation.
  If they don't, you can also check the print program setting and do debugging (if necessary) to find out the logic to assign european decimal notation. 
  Hope this will help.
  Regards,
  Ferry Lianto
  Please reward point if helpful.

• RFC User Type

  Hi
  Calling gurus.
  When gererating RFC users for the READ and TMW rfc's in Solution Manager users gets generated, and I know the user type is Communication user, however should you be forced to have to create your own users to use within this rfc would it be best to stick to communication user type, or could a system user type be used. 
  It is my understanding that logon via read rfc should not be allowed as it could be a security risk.
  If I am on the wron track please enlighten me or point me towards a conclusive best practice regarding this.
  Thanks in advance.

  Hello again Paul,
  1.-
  At the same 2008 manual "Activating the SAP EarlyWatch Alert on Solution Manager 7.0" yo can see on page 11 this:
  ...A working dialog connection such as *TRUSTED or LOGIN. Once the *BACK destination is created, these can be deleted again...
  This prerequisites are need for the creation ob RFC "_BACK" on remote system, but for remote call of sdccn the prerequisites on Page 15 are not enough !!!
  If you want to call remotely sdccn from solution manager you need a dialog trusted connection.
  I have just tested on our solution manager 5 minutes ago, you are invited to our solution manager if you want to check it.
  2.-
  What about this:
  My question is, Will take into account SAP this users for the "SAP Security user audit" ?
  Regards:
  Luis

• Web Dynpro ABAP application users need a backend su01 account?

  Hello Experts
  i have been searching the forums trying to determine if all Web Dynpro  ABAP application users need a backend su01 account?
  thank you for assisting,
  regards,
  Thabiso

  Solved

• Password for RFC USer

  Hi experts,
  We need to set the password for RFC User in small letters.But we are not able to do it ,because of our 'login/*' parameter values.
  Is there is any other method to create the password for User ID with small letters(Ex:welcome,hello)?
  Thanks in Advance,
  Karthika

  > > Login rules are not specific to user types. It is same for all type of users.
  > Sorry, this is not correct. The password validity rules are a good example which don't apply to SYSTEM and SERVICE type users. Other examples are the idle time rules and compliance to policy rules and the logon ticket rules and remote login via debugging rules and...
  >
  I tried to talk about is as per the ongoing discussion topic i.e. Case sensitiveness of Passwords and not other attributes. So from this point of view there is no such separate rule applies during admin imposed password or during a change (the cases where system prompts for changing password).
  > > From NAS 7 there is a change in the password rules.
  > There were major changes in 46B, and 6.10 and 6.40 as well, and Karthika still has not told us which release she is on.
  >
  Agreed totally.
  > > [Note 750390 - USR02: various problems with password attributes|https://service.sap.com/sap/support/notes/750390]
  > > [Note 624635 - Error messages with password change using RFC function|https://service.sap.com/sap/support/notes/624635]
  > I cannot see how these notes are related to this silly requirement of setting a lower-case only password.
  >
  I didn't went through in details fully but seen it contains a considerable error details.... may be of any help to OP.
  > I think either Karthika is playing a joke on us, or the person interviewing Karthika is playing a joke on her... These would be the only logical explanations left which I can see for for such a requirement.
  >
  May be.. but of course need more information and purpose of such strictness for setting such password. Also the FM PASSWORD_FORMAL_CHECK can be used with required customizations but you are the best person to tell this properly.
  regards,
  Dipanjan