Rfc authorisations

Similar Messages

• Authorization Required for RFC user  in R/3-APO system.

  Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user  id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and  provide the required the authorization in R/3 and APO system.
  Regard
  Auroshikha

  The RFC authorisation depends completely on what the user is doing (ALEREMOTE?).  We can't tell you what RFC auths your connection requires. 
  There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections

• Solution Manager Basic Setting, Get SAP Component fail

  Dear All
  When I execute Solution Manager initial configuration wizard on step:
  Initial configuration part II, it comes out an error: Fetch SAP
  Component fail.
  Can anyone tell me what's the problem, thanks.
  Steps for Reconstruction    
  1) SPRO => Basic Settings => Initial Configuration Part II
  2) Err: SAP Service Marketplace error
  3) manually: Get SAP Components => Edit => Fetch SAP Components => No
  RFC Authorization
  [http://www.mountain.org.tw/sap/090322/B/000.png]
  [http://www.mountain.org.tw/sap/090322/B/010.png]
  [http://www.mountain.org.tw/sap/090322/B/020.png]

  hello,
  Check which user you are using. Use standard user with SAP_ALL authorisation in 000 client.
  This is RFC authorisation issue.
  Regards
  Anju

• Authorization for RFCUSER for IDOC adapter

  Hello,
  who can tell me, which authorizations the RFC User must have I want to use for the IDOC adapter.
  I have the problem, that I can not download the idoc definition into IDX2. Error: "No RFC authorisation..."
  Is there a list of authorization this user MUST have.
  best regards
  Werner Magerl

  Hi,
  The thread speaks of the same issue.
  User abcd has no RFC authorization for function group SYST
  If it's of any help.
  regards
  Vijaya

• Error saving Web Template

  Hi,
  when I try to save a Web Template this error appears:
  Java system error: call FM RSWR_TEMPLATE_PROCESS_PROXY to ProgId ... on host ... with SSO not authorized: Authenticat.
  Thanks in advance for all that can help.

  Hi,
  Check your Abap - Java communication setup:
  Note 983156 - BI configuration w. Template Installer.
  Note 917950 - SAP NetWeaver 2004s: Setting Up BEx Web.
  If this is all ok and you have still problems, check for dumps, or syslogs pointing
  to (probably) missing authorisation on S-RFC authorisation object.
  Regards, Patrick Rieken.

• Import RFCs from 3.1i system - Required authorisations

  Hi,
  I am trying to import some RFCs from a 3.1i system
  However, I am getting the following error in XI when I try this :
  Logon failed: You are not authorized to logon to the target system.
  Can anyone tell me a list of all the authorisations required bearing in mind this is a 3.1i system so the XI roles will not exist as standard.
  Cheers
  Colin.

  hi Colin,
  the user which will be used to import the metadata
  needs to have:
  auth to these groups :
  As of 3.1H
  RFC1, SG00, SRFC, SUNI, SYST
  from:
  Authorizations to Read Metadata on
  http://help.sap.com/saphelp_nw04/helpdata/en/25/76cd3bae738826e10000000a11402f/content.htm
  XI roles have nothing to do with that
  as you're using user in the r3 system and not the XI
  Regards,
  michal

• RFC Users  & Authorisations

  In the profiles of the  RFC users it was noticed  that SAP_ALL was present. In order  to remove this, :
  1.its needed to know what other authorisations need to be assigned.
  2. This is the bottle neck. How does one understand which are the activites  that are being performed.
  Thanks

  george G wrote:george G wrote:george G wrote:george G wrote:>
  > Now here we trip  on a very important question point...How does the Unkown body of users get acess to the RFC id /pwd ?
  Chances are good that they do not need the id / pwd. They only need the name of the RFC destination (for which the id / pwd is saved in SM59, already) and the ability to run "the" or "an" interface (or generate a dialog session).
  Another option is not to save the logon data in the destination, and request that the current user running the interface in the source enter their own (valid) id / pwd for the target.
  >
  > Unless its compromised personally ?
  Not necessarily necessary, but that does often add a new dimension to the risk, as the folks have a wider choice of sources from which they can "run an interface" using the id, and a wider group of folks (who talk to each other...).
  >
  > What specifics are the potential impacts the compromised id do ?
  You mentioned before that it has SAP_ALL?? Go figure what that means...
  >
  > On the sidetrack , the auditors are moved  with RFC users !!  Why would that be , to my auditor I put forth the question the answer was " they are not Dialogue users !"
  See above (SAP_ALL). The user could change itself to a dialog user... I can think of approximatly 300 thousand reasons (just off the top of my head) why your auditors are <removed_by_moderator>
  Most likely they have, much like the interface user owner you described before, been told this and have not questioned it. Or the thought never crossed their minds that the id would not be required at all if it cannot "logon"...

• Authorisations for RFC User

  Hello,
  Does anyone have an exhaustive list of the authorisations that should be granted to RFC users in GTS and for those in the Feeder Systems?
  Thx,
  Marc

  Hi Marc
  I haven't reached this stage yet, as you know.. from the question you have answered for me.
  But I believe it is authorization to the object s_rfcacl. Can you check if it works ?
  (In a similar situation we tried to give the user access to additional RFC authorizations or SAP_ALL and then once we found the rfc working... reduced the authorizations given to that user)
  Is there any specific error that you get when you run the RFC authorization test ?

• How to render web items based on the authorisation profile of the user

  Hello,
  Is there any way to render web items based on the authorisation profile of the user. The only way i can think of is:
  - Write ABAP to look up into the security mapping tables.
  - Convert the ABAP report into RFC-Enabled FM. The selection variables will be part of the import/export parameters of FM and table can be used to display the result.
  - Create HTML template using WAD, write Java Script to call the FM and map the import/export parameter. Display the result in Table.
  But i don't know How to use the Java Script to call Function Module (FM) and get back the authorization through parameter.
  Is anyone know about it or is there any other method to do it? I can't find any solution and it is very critical for me.
  Any help is highly appreciated.
  Rajat

  Hi Rajat,
  Do you mean that you want certain users to be able to use only certain web items? I think you can use the libraries for that and assign them to roles:
  http://help.sap.com/saphelp_nw04/helpdata/en/4e/0f813b420ce60ee10000000a114084/content.htm
  Hope this helps...

• Problem while calling an RFC Function Module in Background

  Hello,
  I have created a RFC function module for reading data from an external DB system. The FM calls an external RFC program (coded in C++ using RFC SDK), which delivers the required data. This external program is maintainged as an TCP RFC Connection in SM59.
  Further I have created a report, that calls the RFC function module to get the data from the external RFC programm.
  My problem is, when I call the report in foreground, everything works OK, the RFC connection works and data can be read from the external program.
  However, when I schedule the report to run in background as a job, the report is stating in the protocoll that there was a problem calling the defined RFC connection (although the connection is working properly at that time).
  More funny is, this particular problem with running in background occurs only in the productive system, in test and development system the report works correctly also while running as a job in background.
  Can you suggest the solution to this problem? Could it be something with authorisations or server settings?
  I will be on holiday for the next 6 weeks, so take your time to answer .
  Regards,
  Dusan.
  Edited by: Julius Bussche on Jan 22, 2009 7:19 PM
  Please read the forum rules about u r g e n t ...

  This is an external RFC server program, not a remote enabled ABAP RFC function module as the others seem to be assuming, right?
  Is it possible that your DEV and QAS systems only have one application server, but the PROD has many and dedicated one(s) for processing low priority background jobs?
  It might be that the target server of your TCP connection is not this BTC instance, and your RFC server is returning the data "locally" - so, into nirvana...
  Just guessing, but might be worth checking.
  Cheers,
  Julius

• RFC Error message when logging on to SMD

  Hello Experts,
  While installing SMD, the LMSERVICE and SAPISEM80.SAR, SAPISMM80.SAR have already been installed through SDM.
  1- When I type http://hostname:8004/SMD and login with my username j2ee_admin and password, I get a blanck screen with following error message
  "message.rfc_get_error",
  "message.guid_text".
  Can anyone let me know, how can I resolve this error message of "message.rfc_get_error"?
  Also should I use the port no for SMD as 8004 or 50400?
  Thanks,
  Haleem

  Dear Haleem,
  Please follow the advice from the below link.
  Solution Manager Diagnostics not ready to use
  Authorisation Error in Solman Diagnostics
  Definitely solve your problem ... specially with WEBADMIN RFC in ABAP and run DIAGSETUP.
  Regards
  Shailesh Mamidwar

• Call RFC in BSP

  Hi all
  Can anybody suggest me how to call the remote function module from a another SAP system. When i give the destination and call the FM it is opening a new GUI window promting user id and pwd.
  Is there a way to skip this and call the remote FM.

  Hi Vijaya,
  Your coding is probably already correct.
  Where the issue will be is with the RFC destination.  If the RFC destination is configured with a valid username and password then you will not be prompted with a logon screen.
  To check the RFC destination is valid, use transaction SM59.  Select the desired destination and go to change or display it.  From the menubar you should see the option, Test->Test Authorisation.  If you use this option and the test comes back ok then the destination is correct.  If not, either a user is not maintained for the destination, or the user is invalid (locked, wrong password, etc.).
  Hope that helps.
  Brad
  PS: Given my sarcastic response to your last thread, I'm ok if you dont award anything for this response!!!
  Edited by: Brad Williams on Feb 21, 2008 6:10 PM - Fixed Typo!

• RFC trouble with satellite systems

  Hi all.
  When i imort transport request from Charm - DEV to QAS system or QAS to PRD system
  Logon screen appers to 000 clientst.
  BUT!
  in SMSY when i check RFC to the QAS 000 and PRD 000.
  Check says all okey and green.
  Any ideas?? where should i check more ....
  Thanks
  Sindry

  Hi  Sindry,
  To allow import into a system using an automatic job via ChaRM you must assign additional authorisations to TMSADM on the satellite system.  This trusted user must be granted authorisations to carry out the CTS import in client 000, otherwise it will prompt user for a 000 login.  This is not recommended for Production system however.
  To enable user to use the trusted RFC connection, must have access to S_RFCACL authorisation object.
  Hope this helps
  Paul

• RFC destination R/3 Source does not exist., error key: RFC_ERROR_SYSTEM_FAI

  Hi All,
  I am getting the error "RFC destination R/3 Source does not exist., error key: RFC_ERROR_SYSTEM_FAILURE" when planning sequence (IP) is executed. Can some one help me please asap.
  Regards
  Kiran

  Hi,
  Please go to sm59 and check if the RFC connection exists for this source system. If its there, please double click on it and on next screen, go to Menu bar and click on Test-> Connection and then test -> authorisation.
  If you get any error, thats the reason. If you dont find the RFC at all, thats the reason why you got error.
  You may also check WE20 for partner profile, whether it exists or not.

• Business content data source for  BP Product (De)Authorisations & Terminate

  Hi Experts......
  Good evening!!!..
  I do have one requirement for which im not getting any business content ds. Could you pl help me out in that ?
  My requirement is like below.
  Report is extracting SAP CRM contracts data:
  u2022     This report lists the number (as a numerical count) and the Type of BP Contractual Relationships and the Product Groups (PPRs) they are able to sell under those BP Contractual Relationship Agreements (BPAs).
  u2022     This report should also include (at the usersu2019 discretion) all Terminated BPAs and any de-authorised (Terminated) Product Groups. 
  u2022     The user should be able to decide whether the report includes Terminated BPAs and de-authorised Products ONLY.
  Pre-Requisite     BPA Contract has been accepted (Registered)
  Pre-Requisite     Include only changes to BPA contract (including Terminations and Product Group de-authorisations) which have been accepted (Registered) in CLM/Upside.
  Pre-Requisite     Do Not include changes (including Terminations and Product Group de-authorisations) to BPA which are u2018pendingu2019
  ADDITIONAL DESCRIPTION
  u2022     Channel Partners are called  Business Partners by contract.
  u2022     Some T2 Business Partners have contractual relationships with the company, while some may not; referred to as non-contracted T2u2019s.
  u2022     These Contractual Relationships are regulated in Business Partner Agreements
  u2022     BP Agreements outline the BPu2019s Relationship Type with IBM (e.g. Distributor/Reseller/Solution Provider) as well as the Product Groups (PPRs) that the BP has been authorised to sell under the BP Agreement Terms & Conditions with IBM.
  u2022     The subject of this report is to report on the number (as a numerical count) and the Type of BP Contractual Relationships and the Product Groups (PPRs) the BP is authorised to sell under those BP Contractual Relationship Agreements (BPAs).
  u2022     This report should also include (at the usersu2019 discretion) all Terminated BPAs and any de-authorised (Terminated) Product Groups (PPRs) previously associated with the BPA. 
  u2022     The user should be able to decide whether the report includes Terminated BPAs and de-authorised Products ONLY.
  u2022     A BP can have multiple relationships with Company (e.g. Distributor and Solution Provider).
  u2022     For each of these relationships the BP may have a separate BP Agreement (BPA) with company.
  u2022     Both T1 and T2 BP Agreements are also stored as a system contract in CRM outlining:
  o     The Discounts a BP will get under the corresponding agreement
  u2022     The BP Relationships are also reflected as a SAP Distribution Channel in SAP.
  Waiting for your quick response....
     Thanks in advance.

  Hi,
  I think you need to recheck RFC created for QA system , i guess it contains IP Address of the Dev system . Which is why it leads to Dev system whenever you try to goto source system.
  In case if dev, quality server are in the same server with different client then
  Goto  Transaction SM59,
  Select RFC (Dialog ) and tabpage "Logon security" tick on logon screen
  Hope that helps.
  Regards
  Mr Kapadia
  Assigning points is the way to say thanks in SDN.