RFC Logon user authorizations

Similar Messages

• RFC Sender - Logon User - What Roles and Authorizations?

  Hi,
  Scenario: RFC Sender --> XI --> JDBC
  What necessary Roles and Authorizations has to be given for Logon User (in Sender RFC Communication Channel).
  It has to be moved to production soon. My Client wants to give only Roles and Authorization that are necessary for the Logon User.
  With Regards,
  Manikandan R

  Hi ,
  U need to give ECC Authorisation
  Application server : ECC Server
  Sytsem no : ECC system number
  Logoon User : ECC any username
  password : password for above user
  clientr : ECC client ( From which client u are sending to RFC adapter)
  Regards,
  Jayasimha jangam

• RFC Communication Channel only allows for one Logon User

  We're currently building a SOAP over HTTPS application in XI where
  an RFC communication channel connects to R3 with a logon user id
  and logon password (RFC Client Parameter). When updates are made
  on the R3 side using BAPI_NETWORK_MAINTAIN (for example), they're all
  done with the one logon user id. So fields "Last Changed by" or "Created by" have the
  one id, and any approvals can only be done by the one manager over the one id XI uses.
  If the external application passed an id (and password if necessary) to
  XI, is there any way connect to R3 using the passed id, and not have to
  use the one generic id .  If we're limited to the one id, is it
  possible on the R3 side to be able to change the id to a passed id that
  can then run the BAPI's/RFC's ?

  Hi Kye
  These should help you
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8798be90-0201-0010-d093-85f728778d37
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2a9dbe90-0201-0010-b283-a56f64534f18
  To capture parameter from URL you need to use ASMA for SOAP.
  Thanks
  Gaurav

• RFC adapter: Dynamic logon user

  I need to have a RFC adapter where the SAP logon user is taken from an incoming SOAP request, e.g. the logon user in the RFC adapter has to be dynamically changed.
  Is there any suggestions to handle this issue? And do anybody know if SAP is releasing a RFC adapter handling this issue in near future?
  /Brian

  One solution is to modify the RfcAFBean module on the module tab of the RFC adapter.
  But this work around requires that each SAP function module adds a user field, so you can map the SOAP request user to this user field.
  Another draw back is that you have to create you own pool of channels to keep track of which user is using which channel(s).
  /Brian

• CRM Analytics - User Authorization Not Suficient

  Hi Guys,
  We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient.
  If I open the error I get the message :
  Diagnosis
  The user doesnot exist in the BI client or has insufficient authorizations
  Procedure
  Contact system administrator to verify the user is setup properly in both CRM and BI client
  Procedure for System Administration
  Verify that the user exist in BI client with the same user id, if not create it and assign proper authorizations as per the configuration guide.
  When I run the query or the webtemplate in BW I don't have authorization problems, but I can't run from CRM.
  Any suggestion about how to fix it?
  Thanks in advance,
  Fernando

  Hi Fernando,
  The report which you have implemented is doing a RFC call to BI system where some other system program is getting called which have authorization logic check for the RFC user ( or the person who is running the report). here report is terminating with error. I have face the similar issue.
  generally such reports we use to schedule as a background job with batch user which have SAP ALL access but I feel in your case user who runs the report have not sufficent authorization in BI system and also you are not running report as an background job.
  There aretwo tricks to findout the missing authorization which I also have used.
  First option : close all the session except one in CRM and than run the report as soon as the error comes open transaction code SU53 to know the missing authorization - may be you can fail here as the authorization check fail in BI.
  Second option definitely will work. Whenerror is coming double click on the mmessage to know the message detail(class and number) than again run the report in debugging mode (/H- type in address bar to activate debugging) than set breakpoint in the message and press f8( may be system will not set the break point immediately than you need to debug till the RFC calls BI system) . system will take you to the exact authorization code check where the error is coming. there you can find out the missing authorization object which is not included in the user assigned role. than can ask access team to add in the user role.
  I hope this will solve your issue. Please revert with your finding.
  Thanks,
  Prem

• RFC Logon screen in SM51

  Hi Basis Consultatnts,
  Current system:
  Central Instance/DB Instance - R/3 Enterprise MSSQL server 2000 & ERP 2004
  Now,
  I have installed a Dialog instance, i can log in to the new server and everything is fine, but, here's the problem, once in a while a "Remote Logon" prompt pops up asking the user to log into the central instance!!! even though they are logged into the dialog instance.
  So I check SM51, looks good, if i'm logged into either server and double click on the other server i get the "Remote Logon" prompt.
  I re-installed the DI, which i did, and the problem still exists.
  Has anyone ever had this problem? I ran DB_DBIDENT in SE37 on both servers and there is a difference, the central instance is #MSSQL#D01#SAPPRD#, the dialog instance is #MSSQL#D01#sapprd#.
  Sounds like an RFC logon problem? ya it probably is but how do i fix it, i'm at a complete loss.
  Thanks for any input.
  -Indra kumar

  Hello Indra,
  Please check the OSS note 90323.This should help you out. Let me know if this worked out for you.
  Regards.
  Ruchit.

• Accessing the Logon User Exit from the Internet using an ITS Service

  I can access the Logon User Exit (EXIT_SAPLSUSF_001) from R/3, but not from the Web using an ITS service. What am I missing in order to access the Logon User Exit from the Web. The ITS service was created from an ABAP screen program.
  Thanks
  david yee

  The SAPGui logon exit is called after successfull authentication has been completed and after a SAPGui session has been attached.
  If you logon via RFC, WebGui, ICM or the Wgate then this exit does not trigger.
  What are you wanting to add to your code after the logon ?
  An solution I have used is to create a wrapper RFC for a BAPI and create a webservice for the wrapper. Before calling the BAPI you can do whatever you want to from a security perspective.
  But for that you need to have an appropriate BAPI...
  Please explain what you want to do and what you would have wanted in the exit. Often there is a better way.
  Cheers,
  Julius
  ps: I moved this to the security forum.

• Workflow - RFC Status  -- User is locked

  Hi , experts
  I prepared a  workflow and  tested it with   PFTC_DIS transaction.          
  there was no problem .But when i trigered this workflow event in my program , workflow not worked. I used SWEL and SWELS programs to traced it.
  The list is below.
  The problem is "RFC Status  = User is locked. Please notify the person responsible".
  Please help.
  Regards
  Aysenur
  SWEL  -Display event trace
  Event Instance ID    145008                                
  Object Type          ZBUS_Z                             
  Object Key           1000001999                            
  Event                   OKEY                          
  Event Creator        US DX          DX
  Creation Time        26.02.2007 15:43:24 ZET               
  Receiver Type        WS98000099                            
  Object Key                                                 
  Receiver FM           SWW_WI_CREATE_VIA_EVENT_IBF           
  RFC Destination      WORKFLOW_LOCAL_240                    
  Check FM                                                   
  Receiver Type FM                                                                               
  Trace Date/Time      26.02.2007 15:43:24 ZET               
  User Name             DX  DX
  Main Program         ZTR_XX            
  Action                    Receiver started correctly               
  RFC Status            User is locked. Please notify the person responsible

  Hi,
  Your workflow is not configured properly. Transaction SWU3 -> Configure RFC destinations, hit generate. You may well lack the authorization, in which case you will need a basis person to help you.
  Hope that helps,
  Mike

• BPC 7.5 NW- error 'Name or password of RFC Communication user is invalid '

  Hi
  Environmen: Win 2008 R2, CPMBPC 7.5 SP09, BW 7.2 Sp09, .NET BPC 7.5 SP09
  I just completed installing .NET BPC 7.5 and when I try to open BPC Server manager, i get "cannot coonect to ABAP server' error.
  When I try to open the website http://localhost/osoft I get the error "name or password of RFC communication user is invalid".
  I see the same error in the BPC logs as well.
  I have the tried the following so far:
  1. Created single domain user for the three communication users BPC_sysadmin, BPC_admin & BPC_user.
  2. I momentarily changed to dialog users and logged in to check their fucntioning.
  3. I have generated their relevant profiles. Inlcuded SAP_ALL, SAP_NEW for the sysadmin ID
  4. I have disabled firewall, allowed port 80 on Windows firewall.
  5. I have disabled UAT
  6. I have followed the rest of the installation as per inst guide.
  When I run BPC server manager diagnostics, I see error "SAP ABAP server connection:database connection:status error".
  Can someone tell is there anything else that I could try ?
  many thanks
  Sreekanth

  Hi,
  If when you launch BPC Server Manager, you do not get "Cannot connect to ABAP server", this means user BPC_SYSADMIN is connecting correctly. And assuming you had invalid RFC user in BPC Web, your issue is then only with user BPC_USER (or BPC_ADMIN if the issue is with BPC Admin client only)
  If you do get that error, it means the error is for more than one user, so I would look for something big missing.
  In point 1 you mention domain users, make sure in BPC Server Manager under "reset login credentials" that you do not have windows users specified there as it's a common mistake, those should be your 3 BW communication users
  On BPC .Net server, if you installed SAP GUI, run an MDX_PARSER test in SM59 to check librfc32.dll is working correctly
  Also quite common issue it is possible your background users have wrong authorizations; in PFCG check the roles SAP_BPC_SYSADMIN SAP_BPC_ADMIN and SAP_BPC_USER were copied to customer namespace and that the role are active (user tab should be displaying green light) and assigned to the background communication users
  Also check the background users are not locked in SU01 (if they are locked the password saved on .Net server was or is not matching the real password defined on NW server)
  Thanks,
  Julien

• Retrieve  Logon user  from Windows Directory

  Hi,
      We need to retrieve  logon user from windows directory in BSP. Please suggest the relevant   code for the same.
  Regards,
  Divyanshu

  Hi,
  I have a scenario where in we have a  enhancement  to open a PDF file in portal  with standard SAP  HCM_LEARNING application. If file does not exist then I need to give the custom messages.To give the custom message we need to  check that whether the URL of  PDF file is valid or not. Currently I am using HTTP2_GET function module to validate the same.This FM returns the status code by which we can know whether this URL is accessible or not.  This function module requires a RFC destination as a input parameter . I am  using SAPHTTPA for the same.
  This RFC Destination (TCP/IP) does not have credentials with it , so the return status code is always 401 (unauthorised ). I also tried to use other RFC destinations(of type G) that have credentials with it  but this is not compatible with this FM.
  Can you help me in regard to below queries:
  Is there any other  method that we can use to validate the URL ?
  How we can use the session variables (as the user has already logged in  so that it should not ask for credentials.) Is there any way to specify  the Credentials in the RFC destination of type T?
  Kindly share your inputs with me  to fix the same.

• My laptop will not start - it's telling me that "the logon user interface dll csgina.dll fail to loa

  My Laptop will not start - it's a 4 year PC and it's runing on XP.
  When I start I get this message" The Logon USer Interface DLL failed to load - Contact your administratoe to replace the DLL or restore the original".
  How do I fix so I can start my windows.
  Thanks,

  Hello -
  Try this:
  - When you receive the error message that is described in the "Symptoms" section, click Restart.
  - Press F8 repeatedly as your computer begins to restart. This triggers the Windows Advanced Options menu.
  - Use the arrows on your keyboard to select Last Known Good Configuration, and then press ENTER.
  (Also, You can try Safe Mode and do a "System Restore" from there.)
  ***Last Resort, you will have to edit the registry and this may prevent your computer from booting***
  - boot your system and tap away at F8
  - Select Safe Mode
  - After Windows loads into safe mode.
  - Start >> Run >> “regedit” Press Enter.
  - Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
  - Look for the GinaDLL Key
  - Select and delete this key and this key ONLY. DO NOT delete the entire Winlogon folder of keys.
  - Close Regedit with the RED "X"and reboot the machine
  ****Although I am an HP employee, I am speaking for myself and not for HP.****
  ****Click the White Kudos star to say thanks****
  ****Please mark "Accept As Solution" if it solves your problem****

• Variable value to be populated based on user authorization

  Hi all,
  I want to have a variable with single value on plant.
  when the user executes the report, value of the variable has to be populated automatically based on the authorization of the login user and it has to show the output without displaying the selection screen.
  Kindly guide me of, what type of variable to create and to proceed.
  Thanks.
  I

  Hi
  Restriction Plant from user authorization can be achieved by the following steps
  1. Plant infoobject should be authorization relevant.
  2. make authorization object including plant and restrict to the plant u needed and assign the profile to the user
  3. in BEX create variable of authorization type on plant. this variable will get the default values for the plant from the user authorization on the selection screen of the query.
  4. if you dont want to display the variable on the selection screen then remove the chek box in variable that " variable is not ready for input"
  thanks
  radhika

• Custom report toshow the "Last Logon User Name"

  Is it possible to create a custom report to display the "Last Logon User Name" field that appears in the Properties of each computer object ?

  Yes, download the RDL file and modify the report. If the user name is not in one of the current datasets, then you have to add it first.
  Kent Agerlund | My blogs: blog.coretech.dk/kea and
  SCUG.dk/ | Twitter:
  @Agerlund | Linkedin: Kent Agerlund |
  Mastering ConfigMgr 2012 The Fundamentals

• RFC logon failed with message: Failed: Connect to SAP  gateway failed

  I installed CI instance fine and i am stopped here with this error at the end of DB instance install. Could someone let me know what could  be the reason for this. Is there any fix or workaround to continue the install.
  INFO       2006-09-16 01:13:02 [iaxxrfcimp.cpp:398]
            CAbRfcImpl::setRfcConnectParam
  RFC parameter ASHOST set to value hostSAP.
  INFO       2006-09-16 01:13:02 [iaxxrfcimp.cpp:398]
            CAbRfcImpl::setRfcConnectParam
  RFC parameter SYSNR set to value 09.
  INFO       2006-09-16 01:13:02 [iaxxrfcimp.cpp:543]
            CAbRfcImpl::checkConnectInfo
  RFC connection information checked successfully.
  ERROR      2006-09-16 01:13:02 [iaxxrfcimp.cpp:450]
            CAbRfcImpl::openRfcConn
  FRF-00007  Unable to open RFC connection.
  ERROR      2006-09-16 01:13:02
            CJSlibModule::writeError_impl()
  FRF-00063  RFC logon failed with message: Failed: Connect to SAP  gateway failed
  Connect_PM  GWHOST=hostSAP, GWSERV=sapgw09, ASHOST=hostSAP, SYSNR=09
  LOCATION    CPIC (TCP/IP) on local host
  ERROR       partner not reached (host hostSAP, service 3309)
  TIME        Sat Sep 16 01:13:02 2006
  RELEASE     640
  COMPONENT   NI (network interface)
  VERSION     37
  RC          -10
  MODULE      nixxi_r_mt.cpp
  LINE        8528
  DETAIL      NiPConnect
  SYSTEM CALL connect
  ERRNO       146
  ERRNO TEXT  Connection refused
  COUNTER     4
  Thanks,
  Ram

  at the end of the database instance installation SAPInst is doing some RFCs to the CI.
  The logfile states that the gateway on host hostSAP with the systemnumber 09 is not reachable.
  Please check if you have started the central instance on this machine.
  peter

• Last Logon User name query attribute not populating

  I have created a query that looks for all desktops in my environment and returns the hostname of the PC, the computer system model, and the last logon user name of each machine.  The problem is about 200 PCs do not have the last logon user name field
  populated.  The remaining 350 desktops and all laptops are reporting this.  I have been looking at this for the last several days but cannot find a reason why.  I verifed the PC have had at least one person log into them.  I thought maybe
  it is an issue with the SCCM client on the PCs so I have tried unistalling/reinstalling the client on a few machines.  After the reinstall is complete, the query shows my domain account as last logged into that PC, as I would expect.  However, no
  matter how many times I log into and out of the same PC with a different domain account, the query doesn't show this.  Can anyone help with some direction with this?  I am running Config Manager 2012 SP1 CU2.
  Thanks in advance.
  Mike G

  Audit logon events it set to capture success and failures.  The Heartbeat Discovery is set to send every week.
  Check your DDM log on site server and look for any error messages.
  I personally run my heartbeat discovery every day.
  You can try to adjust your discovery interval and see if that helps. If you can run it manually and it works, I can't think of anything that it would prevent it from working site wide with currently scheduled interval.
  Also, if you have adjusted your aged data maintenance tasks, this is something worth noting:
  The default schedule for Heartbeat Discovery is set to every 7 days. If you change the heartbeat discovery interval, ensure that it runs more frequently than the site maintenance task Delete
  Aged Discovery Data, which deletes inactive client records from the site database. You can configure the Delete Aged Discovery Data task
  only for primary sites.
  http://technet.microsoft.com/en-us/library/gg712308.aspx#BKMK_HeartbeatDisc