Rfc authorisations
hi could you please provide me info on rfc authorisations and different types of rfc connections
Remote Function Call (RFC) is the central SAP technology for exchanging data between SAP systems. It comprises the RFC interface and the RFC protocol.Various RFC types can be used, depending on the type of data transfer required. These RFC types all have different quality of service properties:
sRFC (synchronous RFC)
aRFC (asynchronous RFC)
tRFC (transactional RFC)
qRFC (queued RFC)
bgRFC (background RFC)
The below link will give you more insight into RFC concept
http://help.sap.com/saphelp_nw2004s/helpdata/en/45/0a385c7efd4574e10000000a114a6b/frameset.htm
Similar Messages
-
Authorization Required for RFC user in R/3-APO system.
Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and provide the required the authorization in R/3 and APO system.
Regard
AuroshikhaThe RFC authorisation depends completely on what the user is doing (ALEREMOTE?). We can't tell you what RFC auths your connection requires.
There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections -
Solution Manager Basic Setting, Get SAP Component fail
Dear All
When I execute Solution Manager initial configuration wizard on step:
Initial configuration part II, it comes out an error: Fetch SAP
Component fail.
Can anyone tell me what's the problem, thanks.
Steps for Reconstruction
1) SPRO => Basic Settings => Initial Configuration Part II
2) Err: SAP Service Marketplace error
3) manually: Get SAP Components => Edit => Fetch SAP Components => No
RFC Authorization
[http://www.mountain.org.tw/sap/090322/B/000.png]
[http://www.mountain.org.tw/sap/090322/B/010.png]
[http://www.mountain.org.tw/sap/090322/B/020.png]hello,
Check which user you are using. Use standard user with SAP_ALL authorisation in 000 client.
This is RFC authorisation issue.
Regards
Anju -
Authorization for RFCUSER for IDOC adapter
Hello,
who can tell me, which authorizations the RFC User must have I want to use for the IDOC adapter.
I have the problem, that I can not download the idoc definition into IDX2. Error: "No RFC authorisation..."
Is there a list of authorization this user MUST have.
best regards
Werner MagerlHi,
The thread speaks of the same issue.
User abcd has no RFC authorization for function group SYST
If it's of any help.
regards
Vijaya -
Hi,
when I try to save a Web Template this error appears:
Java system error: call FM RSWR_TEMPLATE_PROCESS_PROXY to ProgId ... on host ... with SSO not authorized: Authenticat.
Thanks in advance for all that can help.Hi,
Check your Abap - Java communication setup:
Note 983156 - BI configuration w. Template Installer.
Note 917950 - SAP NetWeaver 2004s: Setting Up BEx Web.
If this is all ok and you have still problems, check for dumps, or syslogs pointing
to (probably) missing authorisation on S-RFC authorisation object.
Regards, Patrick Rieken. -
Import RFCs from 3.1i system - Required authorisations
Hi,
I am trying to import some RFCs from a 3.1i system
However, I am getting the following error in XI when I try this :
Logon failed: You are not authorized to logon to the target system.
Can anyone tell me a list of all the authorisations required bearing in mind this is a 3.1i system so the XI roles will not exist as standard.
Cheers
Colin.hi Colin,
the user which will be used to import the metadata
needs to have:
auth to these groups :
As of 3.1H
RFC1, SG00, SRFC, SUNI, SYST
from:
Authorizations to Read Metadata on
http://help.sap.com/saphelp_nw04/helpdata/en/25/76cd3bae738826e10000000a11402f/content.htm
XI roles have nothing to do with that
as you're using user in the r3 system and not the XI
Regards,
michal -
In the profiles of the RFC users it was noticed that SAP_ALL was present. In order to remove this, :
1.its needed to know what other authorisations need to be assigned.
2. This is the bottle neck. How does one understand which are the activites that are being performed.
Thanksgeorge G wrote:george G wrote:george G wrote:george G wrote:>
> Now here we trip on a very important question point...How does the Unkown body of users get acess to the RFC id /pwd ?
Chances are good that they do not need the id / pwd. They only need the name of the RFC destination (for which the id / pwd is saved in SM59, already) and the ability to run "the" or "an" interface (or generate a dialog session).
Another option is not to save the logon data in the destination, and request that the current user running the interface in the source enter their own (valid) id / pwd for the target.
>
> Unless its compromised personally ?
Not necessarily necessary, but that does often add a new dimension to the risk, as the folks have a wider choice of sources from which they can "run an interface" using the id, and a wider group of folks (who talk to each other...).
>
> What specifics are the potential impacts the compromised id do ?
You mentioned before that it has SAP_ALL?? Go figure what that means...
>
> On the sidetrack , the auditors are moved with RFC users !! Why would that be , to my auditor I put forth the question the answer was " they are not Dialogue users !"
See above (SAP_ALL). The user could change itself to a dialog user... I can think of approximatly 300 thousand reasons (just off the top of my head) why your auditors are <removed_by_moderator>
Most likely they have, much like the interface user owner you described before, been told this and have not questioned it. Or the thought never crossed their minds that the id would not be required at all if it cannot "logon"... -
Hello,
Does anyone have an exhaustive list of the authorisations that should be granted to RFC users in GTS and for those in the Feeder Systems?
Thx,
MarcHi Marc
I haven't reached this stage yet, as you know.. from the question you have answered for me.
But I believe it is authorization to the object s_rfcacl. Can you check if it works ?
(In a similar situation we tried to give the user access to additional RFC authorizations or SAP_ALL and then once we found the rfc working... reduced the authorizations given to that user)
Is there any specific error that you get when you run the RFC authorization test ? -
How to render web items based on the authorisation profile of the user
Hello,
Is there any way to render web items based on the authorisation profile of the user. The only way i can think of is:
- Write ABAP to look up into the security mapping tables.
- Convert the ABAP report into RFC-Enabled FM. The selection variables will be part of the import/export parameters of FM and table can be used to display the result.
- Create HTML template using WAD, write Java Script to call the FM and map the import/export parameter. Display the result in Table.
But i don't know How to use the Java Script to call Function Module (FM) and get back the authorization through parameter.
Is anyone know about it or is there any other method to do it? I can't find any solution and it is very critical for me.
Any help is highly appreciated.
RajatHi Rajat,
Do you mean that you want certain users to be able to use only certain web items? I think you can use the libraries for that and assign them to roles:
http://help.sap.com/saphelp_nw04/helpdata/en/4e/0f813b420ce60ee10000000a114084/content.htm
Hope this helps... -
Problem while calling an RFC Function Module in Background
Hello,
I have created a RFC function module for reading data from an external DB system. The FM calls an external RFC program (coded in C++ using RFC SDK), which delivers the required data. This external program is maintainged as an TCP RFC Connection in SM59.
Further I have created a report, that calls the RFC function module to get the data from the external RFC programm.
My problem is, when I call the report in foreground, everything works OK, the RFC connection works and data can be read from the external program.
However, when I schedule the report to run in background as a job, the report is stating in the protocoll that there was a problem calling the defined RFC connection (although the connection is working properly at that time).
More funny is, this particular problem with running in background occurs only in the productive system, in test and development system the report works correctly also while running as a job in background.
Can you suggest the solution to this problem? Could it be something with authorisations or server settings?
I will be on holiday for the next 6 weeks, so take your time to answer .
Regards,
Dusan.
Edited by: Julius Bussche on Jan 22, 2009 7:19 PM
Please read the forum rules about u r g e n t ...This is an external RFC server program, not a remote enabled ABAP RFC function module as the others seem to be assuming, right?
Is it possible that your DEV and QAS systems only have one application server, but the PROD has many and dedicated one(s) for processing low priority background jobs?
It might be that the target server of your TCP connection is not this BTC instance, and your RFC server is returning the data "locally" - so, into nirvana...
Just guessing, but might be worth checking.
Cheers,
Julius -
RFC Error message when logging on to SMD
Hello Experts,
While installing SMD, the LMSERVICE and SAPISEM80.SAR, SAPISMM80.SAR have already been installed through SDM.
1- When I type http://hostname:8004/SMD and login with my username j2ee_admin and password, I get a blanck screen with following error message
"message.rfc_get_error",
"message.guid_text".
Can anyone let me know, how can I resolve this error message of "message.rfc_get_error"?
Also should I use the port no for SMD as 8004 or 50400?
Thanks,
HaleemDear Haleem,
Please follow the advice from the below link.
Solution Manager Diagnostics not ready to use
Authorisation Error in Solman Diagnostics
Definitely solve your problem ... specially with WEBADMIN RFC in ABAP and run DIAGSETUP.
Regards
Shailesh Mamidwar -
Hi all
Can anybody suggest me how to call the remote function module from a another SAP system. When i give the destination and call the FM it is opening a new GUI window promting user id and pwd.
Is there a way to skip this and call the remote FM.Hi Vijaya,
Your coding is probably already correct.
Where the issue will be is with the RFC destination. If the RFC destination is configured with a valid username and password then you will not be prompted with a logon screen.
To check the RFC destination is valid, use transaction SM59. Select the desired destination and go to change or display it. From the menubar you should see the option, Test->Test Authorisation. If you use this option and the test comes back ok then the destination is correct. If not, either a user is not maintained for the destination, or the user is invalid (locked, wrong password, etc.).
Hope that helps.
Brad
PS: Given my sarcastic response to your last thread, I'm ok if you dont award anything for this response!!!
Edited by: Brad Williams on Feb 21, 2008 6:10 PM - Fixed Typo! -
RFC trouble with satellite systems
Hi all.
When i imort transport request from Charm - DEV to QAS system or QAS to PRD system
Logon screen appers to 000 clientst.
BUT!
in SMSY when i check RFC to the QAS 000 and PRD 000.
Check says all okey and green.
Any ideas?? where should i check more ....
Thanks
SindryHi Sindry,
To allow import into a system using an automatic job via ChaRM you must assign additional authorisations to TMSADM on the satellite system. This trusted user must be granted authorisations to carry out the CTS import in client 000, otherwise it will prompt user for a 000 login. This is not recommended for Production system however.
To enable user to use the trusted RFC connection, must have access to S_RFCACL authorisation object.
Hope this helps
Paul -
Hi All,
I am getting the error "RFC destination R/3 Source does not exist., error key: RFC_ERROR_SYSTEM_FAILURE" when planning sequence (IP) is executed. Can some one help me please asap.
Regards
KiranHi,
Please go to sm59 and check if the RFC connection exists for this source system. If its there, please double click on it and on next screen, go to Menu bar and click on Test-> Connection and then test -> authorisation.
If you get any error, thats the reason. If you dont find the RFC at all, thats the reason why you got error.
You may also check WE20 for partner profile, whether it exists or not. -
Business content data source for BP Product (De)Authorisations & Terminate
Hi Experts......
Good evening!!!..
I do have one requirement for which im not getting any business content ds. Could you pl help me out in that ?
My requirement is like below.
Report is extracting SAP CRM contracts data:
u2022 This report lists the number (as a numerical count) and the Type of BP Contractual Relationships and the Product Groups (PPRs) they are able to sell under those BP Contractual Relationship Agreements (BPAs).
u2022 This report should also include (at the usersu2019 discretion) all Terminated BPAs and any de-authorised (Terminated) Product Groups.
u2022 The user should be able to decide whether the report includes Terminated BPAs and de-authorised Products ONLY.
Pre-Requisite BPA Contract has been accepted (Registered)
Pre-Requisite Include only changes to BPA contract (including Terminations and Product Group de-authorisations) which have been accepted (Registered) in CLM/Upside.
Pre-Requisite Do Not include changes (including Terminations and Product Group de-authorisations) to BPA which are u2018pendingu2019
ADDITIONAL DESCRIPTION
u2022 Channel Partners are called Business Partners by contract.
u2022 Some T2 Business Partners have contractual relationships with the company, while some may not; referred to as non-contracted T2u2019s.
u2022 These Contractual Relationships are regulated in Business Partner Agreements
u2022 BP Agreements outline the BPu2019s Relationship Type with IBM (e.g. Distributor/Reseller/Solution Provider) as well as the Product Groups (PPRs) that the BP has been authorised to sell under the BP Agreement Terms & Conditions with IBM.
u2022 The subject of this report is to report on the number (as a numerical count) and the Type of BP Contractual Relationships and the Product Groups (PPRs) the BP is authorised to sell under those BP Contractual Relationship Agreements (BPAs).
u2022 This report should also include (at the usersu2019 discretion) all Terminated BPAs and any de-authorised (Terminated) Product Groups (PPRs) previously associated with the BPA.
u2022 The user should be able to decide whether the report includes Terminated BPAs and de-authorised Products ONLY.
u2022 A BP can have multiple relationships with Company (e.g. Distributor and Solution Provider).
u2022 For each of these relationships the BP may have a separate BP Agreement (BPA) with company.
u2022 Both T1 and T2 BP Agreements are also stored as a system contract in CRM outlining:
o The Discounts a BP will get under the corresponding agreement
u2022 The BP Relationships are also reflected as a SAP Distribution Channel in SAP.
Waiting for your quick response....
Thanks in advance.Hi,
I think you need to recheck RFC created for QA system , i guess it contains IP Address of the Dev system . Which is why it leads to Dev system whenever you try to goto source system.
In case if dev, quality server are in the same server with different client then
Goto Transaction SM59,
Select RFC (Dialog ) and tabpage "Logon security" tick on logon screen
Hope that helps.
Regards
Mr Kapadia
Assigning points is the way to say thanks in SDN.
Maybe you are looking for
-
APD Failure with Exception condition "OBJECT_NOT_FOUND" raised.
Dear All, I am executing an APD in my system to clear the contents of 2 of its Fields in a Master data by loading data to itself and initializing the 2 fields that needs to be cleared off. I have executed the APD few times and am getting the same
-
Can't find or add previous event to calendar.
I have not updated to 8.1 yet. I KNOW that I had a calendar event on Sept. 22nd and many others that aren't showing up. I went back to add it [it' s important] and it won't 'take'. I toggled calendar off in settings and back on, restarted the iPhone
-
Error in the module RSQL accessing the database interface
I have written the following query. SELECT a~no a~hist_no a~chk_stat a~chk_date a~user as chk_user b~name as chk_by into corresponding fields of table hist from zhist as a INNER JOIN zus
-
HP8500 909g now refuses to print 2-sided
My printer, operating with Windows 7, has suddenly decided not to print 2-sided. It did fine before; I don't know of any change I made to the printer, although I have used a different computer with it. I have installed the HP software for the printer
-
Help with a basic dbx question
Solaris 10. DBX'ing a core file that was not compiled with any debugging information. When you do a basic "where", you typically get: [1] someFile::someFunction(arg1, arg2, arg3, arg4, arg5, arg6) at 0x5ab32x Can someone tell me what each of the addr