RFC Logon user authorizations
Hi! I have some doubts regarding the authorizations for the RFC logon user.The same question is disussed in the forum.But I am still confused.I mean authorizations to the user for which we set the user id and password in the RFC destinations in SM59 transaction.
1) Our RFCs exist in the backend and we develop SyncBos in the Middle ware MI server.So we give the Logon Id and pwd to allow the Middleware to remotely logon to the backend for exceuting the RFcs. right?
So the UserId we give here, must be a valid user in the backend.I want to know the minimum authorization objects that are required to be given to this user,So that RFcs in the backend are executed.
2) There is also an option "current user".When should this be used?
Thank you!
Hi,
When current user option is set, it means that the userid and password which we use on the client to synchronize with the middleware is taken by the RFC and tries to execute the BAPI Wrappers. So this means that the user id and password should be same across both middleware and backend systems and in the backend system this particular sync user should have the proper authorizations to execute the BAPI Wrappers from the middleware system.
Simply saying when current user option is set, the userid and password should be identical on both middleware and backend systems with proper authorizations in the backend system to execute BAPI wrappers(for that set S_RFC role for user in the backend).
Regards,
Siva.
Similar Messages
-
RFC Sender - Logon User - What Roles and Authorizations?
Hi,
Scenario: RFC Sender --> XI --> JDBC
What necessary Roles and Authorizations has to be given for Logon User (in Sender RFC Communication Channel).
It has to be moved to production soon. My Client wants to give only Roles and Authorization that are necessary for the Logon User.
With Regards,
Manikandan RHi ,
U need to give ECC Authorisation
Application server : ECC Server
Sytsem no : ECC system number
Logoon User : ECC any username
password : password for above user
clientr : ECC client ( From which client u are sending to RFC adapter)
Regards,
Jayasimha jangam -
RFC Communication Channel only allows for one Logon User
We're currently building a SOAP over HTTPS application in XI where
an RFC communication channel connects to R3 with a logon user id
and logon password (RFC Client Parameter). When updates are made
on the R3 side using BAPI_NETWORK_MAINTAIN (for example), they're all
done with the one logon user id. So fields "Last Changed by" or "Created by" have the
one id, and any approvals can only be done by the one manager over the one id XI uses.
If the external application passed an id (and password if necessary) to
XI, is there any way connect to R3 using the passed id, and not have to
use the one generic id . If we're limited to the one id, is it
possible on the R3 side to be able to change the id to a passed id that
can then run the BAPI's/RFC's ?Hi Kye
These should help you
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8798be90-0201-0010-d093-85f728778d37
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2a9dbe90-0201-0010-b283-a56f64534f18
To capture parameter from URL you need to use ASMA for SOAP.
Thanks
Gaurav -
RFC adapter: Dynamic logon user
I need to have a RFC adapter where the SAP logon user is taken from an incoming SOAP request, e.g. the logon user in the RFC adapter has to be dynamically changed.
Is there any suggestions to handle this issue? And do anybody know if SAP is releasing a RFC adapter handling this issue in near future?
/BrianOne solution is to modify the RfcAFBean module on the module tab of the RFC adapter.
But this work around requires that each SAP function module adds a user field, so you can map the SOAP request user to this user field.
Another draw back is that you have to create you own pool of channels to keep track of which user is using which channel(s).
/Brian -
CRM Analytics - User Authorization Not Suficient
Hi Guys,
We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient.
If I open the error I get the message :
Diagnosis
The user doesnot exist in the BI client or has insufficient authorizations
Procedure
Contact system administrator to verify the user is setup properly in both CRM and BI client
Procedure for System Administration
Verify that the user exist in BI client with the same user id, if not create it and assign proper authorizations as per the configuration guide.
When I run the query or the webtemplate in BW I don't have authorization problems, but I can't run from CRM.
Any suggestion about how to fix it?
Thanks in advance,
FernandoHi Fernando,
The report which you have implemented is doing a RFC call to BI system where some other system program is getting called which have authorization logic check for the RFC user ( or the person who is running the report). here report is terminating with error. I have face the similar issue.
generally such reports we use to schedule as a background job with batch user which have SAP ALL access but I feel in your case user who runs the report have not sufficent authorization in BI system and also you are not running report as an background job.
There aretwo tricks to findout the missing authorization which I also have used.
First option : close all the session except one in CRM and than run the report as soon as the error comes open transaction code SU53 to know the missing authorization - may be you can fail here as the authorization check fail in BI.
Second option definitely will work. Whenerror is coming double click on the mmessage to know the message detail(class and number) than again run the report in debugging mode (/H- type in address bar to activate debugging) than set breakpoint in the message and press f8( may be system will not set the break point immediately than you need to debug till the RFC calls BI system) . system will take you to the exact authorization code check where the error is coming. there you can find out the missing authorization object which is not included in the user assigned role. than can ask access team to add in the user role.
I hope this will solve your issue. Please revert with your finding.
Thanks,
Prem -
Hi Basis Consultatnts,
Current system:
Central Instance/DB Instance - R/3 Enterprise MSSQL server 2000 & ERP 2004
Now,
I have installed a Dialog instance, i can log in to the new server and everything is fine, but, here's the problem, once in a while a "Remote Logon" prompt pops up asking the user to log into the central instance!!! even though they are logged into the dialog instance.
So I check SM51, looks good, if i'm logged into either server and double click on the other server i get the "Remote Logon" prompt.
I re-installed the DI, which i did, and the problem still exists.
Has anyone ever had this problem? I ran DB_DBIDENT in SE37 on both servers and there is a difference, the central instance is #MSSQL#D01#SAPPRD#, the dialog instance is #MSSQL#D01#sapprd#.
Sounds like an RFC logon problem? ya it probably is but how do i fix it, i'm at a complete loss.
Thanks for any input.
-Indra kumarHello Indra,
Please check the OSS note 90323.This should help you out. Let me know if this worked out for you.
Regards.
Ruchit. -
Accessing the Logon User Exit from the Internet using an ITS Service
I can access the Logon User Exit (EXIT_SAPLSUSF_001) from R/3, but not from the Web using an ITS service. What am I missing in order to access the Logon User Exit from the Web. The ITS service was created from an ABAP screen program.
Thanks
david yeeThe SAPGui logon exit is called after successfull authentication has been completed and after a SAPGui session has been attached.
If you logon via RFC, WebGui, ICM or the Wgate then this exit does not trigger.
What are you wanting to add to your code after the logon ?
An solution I have used is to create a wrapper RFC for a BAPI and create a webservice for the wrapper. Before calling the BAPI you can do whatever you want to from a security perspective.
But for that you need to have an appropriate BAPI...
Please explain what you want to do and what you would have wanted in the exit. Often there is a better way.
Cheers,
Julius
ps: I moved this to the security forum. -
Workflow - RFC Status -- User is locked
Hi , experts
I prepared a workflow and tested it with PFTC_DIS transaction.
there was no problem .But when i trigered this workflow event in my program , workflow not worked. I used SWEL and SWELS programs to traced it.
The list is below.
The problem is "RFC Status = User is locked. Please notify the person responsible".
Please help.
Regards
Aysenur
SWEL -Display event trace
Event Instance ID 145008
Object Type ZBUS_Z
Object Key 1000001999
Event OKEY
Event Creator US DX DX
Creation Time 26.02.2007 15:43:24 ZET
Receiver Type WS98000099
Object Key
Receiver FM SWW_WI_CREATE_VIA_EVENT_IBF
RFC Destination WORKFLOW_LOCAL_240
Check FM
Receiver Type FM
Trace Date/Time 26.02.2007 15:43:24 ZET
User Name DX DX
Main Program ZTR_XX
Action Receiver started correctly
RFC Status User is locked. Please notify the person responsibleHi,
Your workflow is not configured properly. Transaction SWU3 -> Configure RFC destinations, hit generate. You may well lack the authorization, in which case you will need a basis person to help you.
Hope that helps,
Mike -
BPC 7.5 NW- error 'Name or password of RFC Communication user is invalid '
Hi
Environmen: Win 2008 R2, CPMBPC 7.5 SP09, BW 7.2 Sp09, .NET BPC 7.5 SP09
I just completed installing .NET BPC 7.5 and when I try to open BPC Server manager, i get "cannot coonect to ABAP server' error.
When I try to open the website http://localhost/osoft I get the error "name or password of RFC communication user is invalid".
I see the same error in the BPC logs as well.
I have the tried the following so far:
1. Created single domain user for the three communication users BPC_sysadmin, BPC_admin & BPC_user.
2. I momentarily changed to dialog users and logged in to check their fucntioning.
3. I have generated their relevant profiles. Inlcuded SAP_ALL, SAP_NEW for the sysadmin ID
4. I have disabled firewall, allowed port 80 on Windows firewall.
5. I have disabled UAT
6. I have followed the rest of the installation as per inst guide.
When I run BPC server manager diagnostics, I see error "SAP ABAP server connection:database connection:status error".
Can someone tell is there anything else that I could try ?
many thanks
SreekanthHi,
If when you launch BPC Server Manager, you do not get "Cannot connect to ABAP server", this means user BPC_SYSADMIN is connecting correctly. And assuming you had invalid RFC user in BPC Web, your issue is then only with user BPC_USER (or BPC_ADMIN if the issue is with BPC Admin client only)
If you do get that error, it means the error is for more than one user, so I would look for something big missing.
In point 1 you mention domain users, make sure in BPC Server Manager under "reset login credentials" that you do not have windows users specified there as it's a common mistake, those should be your 3 BW communication users
On BPC .Net server, if you installed SAP GUI, run an MDX_PARSER test in SM59 to check librfc32.dll is working correctly
Also quite common issue it is possible your background users have wrong authorizations; in PFCG check the roles SAP_BPC_SYSADMIN SAP_BPC_ADMIN and SAP_BPC_USER were copied to customer namespace and that the role are active (user tab should be displaying green light) and assigned to the background communication users
Also check the background users are not locked in SU01 (if they are locked the password saved on .Net server was or is not matching the real password defined on NW server)
Thanks,
Julien -
Retrieve Logon user from Windows Directory
Hi,
We need to retrieve logon user from windows directory in BSP. Please suggest the relevant code for the same.
Regards,
DivyanshuHi,
I have a scenario where in we have a enhancement to open a PDF file in portal with standard SAP HCM_LEARNING application. If file does not exist then I need to give the custom messages.To give the custom message we need to check that whether the URL of PDF file is valid or not. Currently I am using HTTP2_GET function module to validate the same.This FM returns the status code by which we can know whether this URL is accessible or not. This function module requires a RFC destination as a input parameter . I am using SAPHTTPA for the same.
This RFC Destination (TCP/IP) does not have credentials with it , so the return status code is always 401 (unauthorised ). I also tried to use other RFC destinations(of type G) that have credentials with it but this is not compatible with this FM.
Can you help me in regard to below queries:
Is there any other method that we can use to validate the URL ?
How we can use the session variables (as the user has already logged in so that it should not ask for credentials.) Is there any way to specify the Credentials in the RFC destination of type T?
Kindly share your inputs with me to fix the same. -
My Laptop will not start - it's a 4 year PC and it's runing on XP.
When I start I get this message" The Logon USer Interface DLL failed to load - Contact your administratoe to replace the DLL or restore the original".
How do I fix so I can start my windows.
Thanks,Hello -
Try this:
- When you receive the error message that is described in the "Symptoms" section, click Restart.
- Press F8 repeatedly as your computer begins to restart. This triggers the Windows Advanced Options menu.
- Use the arrows on your keyboard to select Last Known Good Configuration, and then press ENTER.
(Also, You can try Safe Mode and do a "System Restore" from there.)
***Last Resort, you will have to edit the registry and this may prevent your computer from booting***
- boot your system and tap away at F8
- Select Safe Mode
- After Windows loads into safe mode.
- Start >> Run >> “regedit” Press Enter.
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
- Look for the GinaDLL Key
- Select and delete this key and this key ONLY. DO NOT delete the entire Winlogon folder of keys.
- Close Regedit with the RED "X"and reboot the machine
****Although I am an HP employee, I am speaking for myself and not for HP.****
****Click the White Kudos star to say thanks****
****Please mark "Accept As Solution" if it solves your problem**** -
Variable value to be populated based on user authorization
Hi all,
I want to have a variable with single value on plant.
when the user executes the report, value of the variable has to be populated automatically based on the authorization of the login user and it has to show the output without displaying the selection screen.
Kindly guide me of, what type of variable to create and to proceed.
Thanks.
IHi
Restriction Plant from user authorization can be achieved by the following steps
1. Plant infoobject should be authorization relevant.
2. make authorization object including plant and restrict to the plant u needed and assign the profile to the user
3. in BEX create variable of authorization type on plant. this variable will get the default values for the plant from the user authorization on the selection screen of the query.
4. if you dont want to display the variable on the selection screen then remove the chek box in variable that " variable is not ready for input"
thanks
radhika -
Custom report toshow the "Last Logon User Name"
Is it possible to create a custom report to display the "Last Logon User Name" field that appears in the Properties of each computer object ?
Yes, download the RDL file and modify the report. If the user name is not in one of the current datasets, then you have to add it first.
Kent Agerlund | My blogs: blog.coretech.dk/kea and
SCUG.dk/ | Twitter:
@Agerlund | Linkedin: Kent Agerlund |
Mastering ConfigMgr 2012 The Fundamentals -
RFC logon failed with message: Failed: Connect to SAP gateway failed
I installed CI instance fine and i am stopped here with this error at the end of DB instance install. Could someone let me know what could be the reason for this. Is there any fix or workaround to continue the install.
INFO 2006-09-16 01:13:02 [iaxxrfcimp.cpp:398]
CAbRfcImpl::setRfcConnectParam
RFC parameter ASHOST set to value hostSAP.
INFO 2006-09-16 01:13:02 [iaxxrfcimp.cpp:398]
CAbRfcImpl::setRfcConnectParam
RFC parameter SYSNR set to value 09.
INFO 2006-09-16 01:13:02 [iaxxrfcimp.cpp:543]
CAbRfcImpl::checkConnectInfo
RFC connection information checked successfully.
ERROR 2006-09-16 01:13:02 [iaxxrfcimp.cpp:450]
CAbRfcImpl::openRfcConn
FRF-00007 Unable to open RFC connection.
ERROR 2006-09-16 01:13:02
CJSlibModule::writeError_impl()
FRF-00063 RFC logon failed with message: Failed: Connect to SAP gateway failed
Connect_PM GWHOST=hostSAP, GWSERV=sapgw09, ASHOST=hostSAP, SYSNR=09
LOCATION CPIC (TCP/IP) on local host
ERROR partner not reached (host hostSAP, service 3309)
TIME Sat Sep 16 01:13:02 2006
RELEASE 640
COMPONENT NI (network interface)
VERSION 37
RC -10
MODULE nixxi_r_mt.cpp
LINE 8528
DETAIL NiPConnect
SYSTEM CALL connect
ERRNO 146
ERRNO TEXT Connection refused
COUNTER 4
Thanks,
Ramat the end of the database instance installation SAPInst is doing some RFCs to the CI.
The logfile states that the gateway on host hostSAP with the systemnumber 09 is not reachable.
Please check if you have started the central instance on this machine.
peter -
Last Logon User name query attribute not populating
I have created a query that looks for all desktops in my environment and returns the hostname of the PC, the computer system model, and the last logon user name of each machine. The problem is about 200 PCs do not have the last logon user name field
populated. The remaining 350 desktops and all laptops are reporting this. I have been looking at this for the last several days but cannot find a reason why. I verifed the PC have had at least one person log into them. I thought maybe
it is an issue with the SCCM client on the PCs so I have tried unistalling/reinstalling the client on a few machines. After the reinstall is complete, the query shows my domain account as last logged into that PC, as I would expect. However, no
matter how many times I log into and out of the same PC with a different domain account, the query doesn't show this. Can anyone help with some direction with this? I am running Config Manager 2012 SP1 CU2.
Thanks in advance.
Mike GAudit logon events it set to capture success and failures. The Heartbeat Discovery is set to send every week.
Check your DDM log on site server and look for any error messages.
I personally run my heartbeat discovery every day.
You can try to adjust your discovery interval and see if that helps. If you can run it manually and it works, I can't think of anything that it would prevent it from working site wide with currently scheduled interval.
Also, if you have adjusted your aged data maintenance tasks, this is something worth noting:
The default schedule for Heartbeat Discovery is set to every 7 days. If you change the heartbeat discovery interval, ensure that it runs more frequently than the site maintenance task Delete
Aged Discovery Data, which deletes inactive client records from the site database. You can configure the Delete Aged Discovery Data task
only for primary sites.
http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_HeartbeatDisc
Maybe you are looking for
-
Should I keep my MacBook Pro or exchange it for more Ram and SSD space?
Hello, I decided to purchase a MacBook Pro 15 inch with Retina display. I thought I would just bite the bullet and get it with the upgraded 16gb Ram and 512 SSD as I want this computer to last me at least 5 years. I don't know exactly what I will be
-
Error wirh release of the requets Special character "_" in generic key
Hello I am trying to release the request, this reques was generated to installation the baseline for Peru but I got this message: Key messages: TABU TFAWC 200SAPLCATS 2100TCA Special character "_" in generic key Special character "_" in generic k
-
How to edit symbol without dimming the rest?
I can't figure out if this is possible and how to do it on the same window. Illustrator is not very good with the display options and real time updating changes on a new window.
-
F4 field is called first in ALV Grid
Hello All, I have a strange issue where in I have 4 fields in alv grid. Last field is having the F4 help facility. When clicking on creating new row in the grid, automatically the control is going on to the last field (f4 field) and is getting called
-
My guess for iPhone not supporting copy+paste.. - iPhone only supports English as the input language. - iPhone can display multiple languages including Japanese. - If I could copy and paste, I would have copied a text from Safari or any mail and past