RFC User Authorizations

Similar Messages

• Authorization Required for RFC user  in R/3-APO system.

  Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user  id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and  provide the required the authorization in R/3 and APO system.
  Regard
  Auroshikha

  The RFC authorisation depends completely on what the user is doing (ALEREMOTE?).  We can't tell you what RFC auths your connection requires. 
  There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections

• Authorizations needed for MAM 2.5 for RFC user and business users

  Hello all,
  We are using MAM 2.5 application but we are facing authorizations issues.
  It seems we have not enough authorizations on RFC user used between middleware system and back-end system located on the RFC destination MAM on the middleware.
  And we don't find any SAP document related to this customizing.
  Moreover is there any other or same document deals with authorizations needed on the back-end for each user using MAM on its mobile device ?
  Thank in advance,
  Eric GOURDOU

  Hello,
  Can you send me the errors you have?
  If you have a trusted connection, then each users need the authorization S_RFCACL .
  Other than that, I never had to set any authorization for the plant maintenance scenarios of MAM.
  Thank you,
  Julien.
  msc mobile Canada
  http://www.msc-mobile.com

• Invalid_jobdata when submitting job with rfc user

  Hi,
  I've created a function module in the erp system to remotly trigger a report program by a bw prossess chain.
  When running in the forground it works fine, but the runtime is so long that I want it as a background job.
  So I call job_open, job_submit, job_close in the function module. When I test the function module in the erp system with my dev user it opens a new job, adds a step and release correctly. It also runs fine if I intercept it in the debugger and change sy-uname to aleremote (the standard rfc user).
  It does not work when it's acctually called rfc from the bw system. The job is opened, but job_submit throws invalid_jobdata.
  Could this have anything to do with rfc or the executing user (which is of type SYSTEM)?

  I've caught the execption so there is no dump, but I'm unable to determine why the function module job_submit gives invalid_jobdata only when the executing user is the aleremote user and only when the call originated (the call to my module) from a remote system (the module job_submit is called locally thru my module). Authorization for the user is sap_all, but I was woundering maybe the user type system could be a problem?

• CRM Analytics - User Authorization Not Suficient

  Hi Guys,
  We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient.
  If I open the error I get the message :
  Diagnosis
  The user doesnot exist in the BI client or has insufficient authorizations
  Procedure
  Contact system administrator to verify the user is setup properly in both CRM and BI client
  Procedure for System Administration
  Verify that the user exist in BI client with the same user id, if not create it and assign proper authorizations as per the configuration guide.
  When I run the query or the webtemplate in BW I don't have authorization problems, but I can't run from CRM.
  Any suggestion about how to fix it?
  Thanks in advance,
  Fernando

  Hi Fernando,
  The report which you have implemented is doing a RFC call to BI system where some other system program is getting called which have authorization logic check for the RFC user ( or the person who is running the report). here report is terminating with error. I have face the similar issue.
  generally such reports we use to schedule as a background job with batch user which have SAP ALL access but I feel in your case user who runs the report have not sufficent authorization in BI system and also you are not running report as an background job.
  There aretwo tricks to findout the missing authorization which I also have used.
  First option : close all the session except one in CRM and than run the report as soon as the error comes open transaction code SU53 to know the missing authorization - may be you can fail here as the authorization check fail in BI.
  Second option definitely will work. Whenerror is coming double click on the mmessage to know the message detail(class and number) than again run the report in debugging mode (/H- type in address bar to activate debugging) than set breakpoint in the message and press f8( may be system will not set the break point immediately than you need to debug till the RFC calls BI system) . system will take you to the exact authorization code check where the error is coming. there you can find out the missing authorization object which is not included in the user assigned role. than can ask access team to add in the user role.
  I hope this will solve your issue. Please revert with your finding.
  Thanks,
  Prem

• JCO getDefaultConnection() not using RFC user from XCM

  Hello,
  I am writing a custom backend class to call a custom function module in R3 to get some data. As this has to run before the application start page is loaded, I have used a exit before the /b2b/startapp.do is called.
  The problem here is that when I am using the getDefaultJCoConnection() method in the backend class which extends the IsaBackendBusinessObjectBaseSAP class, the JCO user is determined as the application user rather than the RFC user which I have configured in XCM. Because of this there is an authorization error as the application user does not have auth to the custom function group.
  I have written many other exits in the application and they are all working fine and picking up the RFC user which has relevant authorizations.
  Am I missing something here?
  Pradeep

  Thanks Easwar
  stateless was giving me other issues.
  I managed to solve the problem with the below code.
  ManagedConnectionFactoryConfig mConfig = (ManagedConnectionFactoryConfig)    (getConnectionFactory().getManagedConnectionFactoryConfigs().get("JCO"));
  Properties props = mConfig.getConnectionDefinition("ISA_COMPLETE").getProperties();
  connection = getDefaultJCoConnection(props);
  Pradeep

• Standard roles, groups, profiles of a rfc-user

  hi,
  can anybody tell me please, which are the standard roles, groups and profiles of a rfc-user in our sap xi-system?
  thanks.
  regards
  Stefan

  Hi,
  Check the links for authorizations.
  http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
  also check if your user have this roles in abap stack TECODE su01
  SAP_XI_ADMINISTRATOR
  SAP_XI_CONFIGURATOR
  SAP_XI_CONTENT_ORGANIZER
  SAP_XI_DEVELOPER
  SAP_XI_DISPLAY_USER
  SAP_XI_MONITOR
  SAP_ALM_ADMINISTRATOR
  SAP_J2EE_ADMIN
  SAP_SLD_ADMINISTRATOR
  SAP_SLD_CONFIGURATOR
  SAP_SLD_DEVELOPER
  SAP_XI_ADMINISTRATOR_ABAP
  SAP_XI_ADMINISTRATOR_J2EE
  SAP_XI_CONFIGURATOR_ABAP
  SAP_XI_CONFIGURATOR_J2EE
  SAP_XI_ID_SERV_USER
  SAP_XI_IR_SERV_USER
  SAP_XI_RWB_SERV_USER
  SAP_ALM_CUSTOMIZER
  SAP_BC_BASIS_ADMIN
  SAP_BC_BASIS_MONITORING
  ARG_XI_DEV
  Thanks,
  Vijaya.
  Edited

• RFC user in CPS

  HI All,
  Iam geteting the following error whentrying to start the one of the process server in CPS
  Service "SAPR3Service" on process server "lzuce0dx_SE1_63_ProcessServer" stopped unexpectedly.
  Details:
  Exception: 126: BAPI exception while calling BAPI_XMI_LOGON: E XM 026 You have no authorization to log on to interface XBP [XBP, , , ]
  My Question is:
  I have entered my SAP login ID in the XBP tab of the SAP systems under "Environment" , does this ID does not have the previlage to enter the XBP ?
  Or the RFC user does not have the authorisation to enter the XBP ?
  Please advise.
  Regards
  Kiran

  Hi,
  If I read your description correctly, you have entered your SAP login credentials on the XBP tab.
  That means, that your credentials are used for the RFC connection.
  So your user does not have sufficient privileges to connect (via RFC) to the XBP interface.
  In the documentation there is a list of privileges/profiles required for the CPS RFC user.
  Please verify if your user has these privileges, or even better: create a separate RFC user for CPS.
  Regards,
  Anton.

• RFC user profile

  Hello,
  We are on SRM 5 and our RFC user to our backend is SAP_ALL.
  But for Sarbane Oaxley Controle we can't keep this SAP_ALL for this user.
  Does Someone knows wich profile or authorization we have to give to the RFC user?
  Thanks

  Hi,
  I am Putting the same information as per the note as per the note mentioned by Yaan(For those who dont have access for that note)
  <b>Solution</b>
  1. The RFC user should be created as a background user in the back-end system.
  2. If you do not want to use profile SAP_ALL for safety reasons, you can create your own profile with restricted basis authorizations:
  Call Transaction PFCG for the role maintenance and create your own role.
  In the role, go to the 'Authorizations' tab and choose 'Change Authorization Data'.
  Do not select ANY template on the dialog box.
  Choose menu option 'Edit -> Insert authorization(s) -> Full authorization' and confirm the dialog box 'Insert all authorizations' with 'Yes'.
  Choose menu option 'Utilities -> Technical names on'.
  For object class 'Basis  Administration' (BC_A), set the following authorization objects to inactive:
  System authorizations (S_ADMI_FCD)
  Authorizations: Check for roles (S_USER_AGR)
  User master maintenance: Authorizations (S_USER_AUT)
  User master maintenance: User groups (S_USER_GRP)
  Authorizations: Deactivate authorization objects globally (S_USER_OBJ)
  User master maintenance: Authorization profile (S_USER_PRO)
  Users: System specific assignment authorization checks (S_USER_SAS )
  User master maintenance: System for central user maintenance (S_USER_SYS )
  Authorizations: Transactions in roles (S_USER_TCD)
  Authorizations: Field values in roles (S_USER_VAL)
  For object class 'Basis  Development Environment' (BC_C), set the following authorization objects to inactive:
  ABAP Workbench (S_DEVELOP)
  Authorization for documentation maintenance via SE61 (S_DOKU_AUT)
  Maintenance of glossary and terminology objects (S_TERM_AUT)
  Authorization object for translation environment (S_TRANSLAT)
  Transport Organizer (S_TRANSPRT)
  Generate and save the authorizations, profiles and role.
  3. Assign the new role to your RFC user by using Transaction SU01.
  Cheers...
  Santosh

• Order not getting saved with RFC user

  Hi CRM experts,
  We have custom report to update payment card details in CRM order. For an error order when I try to update the card details in CRM it successfully deactivates the "Contains Error(I1030)" status and saves the order.
  Whereas the same error order when I try to update the card details through external system, the user is RFC user, the program does not deactivates the status I1030 and the order gets saved with error.
  Initially I thought it is an authorization issue with RFC user, so I tried applying SAP_ALL access to RFC user but it did not work.
  Kindly suggest the possible solution.
  Thanks in advance
  Meenu.

  Hi Meenu,
  The standard one order framework works in such a way that when any changes to any object like PARTNER , HEADER , ITEMS , CARDS etc take place, then after changes done, the system checks for any inconsistency for that particular object and displays error messages accordingly.
  At the next change, the check runs again and the messages are removed. The checks are run through the standard event framework of BEFORE and AFTER. So in case the error messages are not getting removed, it means that these events are not getting triggered properly. I think that you are using individual FM for changing the details which could be something like CRM*CARD*MAINTAIN*OW*, you can try using CRM_ORDER_MAINTAIN, as this FM triggers all events correctly.
  /Hasan

• PM Order is getting blocked by RFC user

  Hi all, i'm facing the following problem. We've an FM that is invoked externally using an RFC user, that is used to change the status of an specific order. This FM first makes the ENQUEUE of the given object, with the following data:
      CALL FUNCTION 'ENQUEUE_ESORDER'
        EXPORTING
          mode_aufk            = 'S'
          aufnr                     = number
          _wait                     = 'X'
        EXCEPTIONS
          foreign_lock           = 1
          system_failure       = 2
          OTHERS               = 3 .
  Then calls the standard FM STATUS_CHANGE_FOR_ACTIVITY and after that executes the
      CALL FUNCTION 'DEQUEUE_ESORDER'
           EXPORTING
                aufnr = number.
  After that we have a COMMIT WORK.
  Somehow and with no explicit reason, the given order remains locked by RFC user, sometimes for several hours.
  This happen in Production System. We'd never get this kind of situation on pre-production.
  Does anyone have any clue about this ???
  Thanks for your kind attention.
  Regards,

  Hi Rahul,
  Thanks for your answer. But it seems to me that the problem is not a question of authorization, because this same user is used in the same system for another processes.
  For example, today we have an Order that is blocked in SM12 since 12:47:12 and the processes for closing it still remains active and waiting, but in another way for Orders of the same type during today, this situation doesn't occur and the respective processes were finished sucessfully.
  Thanks anyway.
  Regards,

• Authorisations for RFC User

  Hello,
  Does anyone have an exhaustive list of the authorisations that should be granted to RFC users in GTS and for those in the Feeder Systems?
  Thx,
  Marc

  Hi Marc
  I haven't reached this stage yet, as you know.. from the question you have answered for me.
  But I believe it is authorization to the object s_rfcacl. Can you check if it works ?
  (In a similar situation we tried to give the user access to additional RFC authorizations or SAP_ALL and then once we found the rfc working... reduced the authorizations given to that user)
  Is there any specific error that you get when you run the RFC authorization test ?

• Variable value to be populated based on user authorization

  Hi all,
  I want to have a variable with single value on plant.
  when the user executes the report, value of the variable has to be populated automatically based on the authorization of the login user and it has to show the output without displaying the selection screen.
  Kindly guide me of, what type of variable to create and to proceed.
  Thanks.
  I

  Hi
  Restriction Plant from user authorization can be achieved by the following steps
  1. Plant infoobject should be authorization relevant.
  2. make authorization object including plant and restrict to the plant u needed and assign the profile to the user
  3. in BEX create variable of authorization type on plant. this variable will get the default values for the plant from the user authorization on the selection screen of the query.
  4. if you dont want to display the variable on the selection screen then remove the chek box in variable that " variable is not ready for input"
  thanks
  radhika

• Password inconsistancy issue with RFC users in ECC 6.0 System after upgrade

  Hi,
  We have upgraded the system from 4.7 to ECC 6.0, but facing the password inconsistancy problem for RFC users. We have set the parameters like "login/min_password_lng" as "8" and "login/password_downwards_compatibility" as "3" & RFC user Type is "system". Could you please suggest how to resolve the password inconsistancy issue.

  Hi Chandan,
  you need to run the txn. SECSTORE and there it will shows you all the RFCs that have inconsistent passwords. Please maintain the correct passwords there.
  In case the existing passwords are no longer acceptable due to new security policies as per the new SAP version, you will have to change the password from SU01.
  Regards,
  Shitij

• RFC function module always creating BPs with the same user name (RFC user )

  Hi All
  I posted the below question in a different area before. But thought it would be more suitable here.
  Moderators - Please let me know if am doing any mistake.
  Question:
  I have a RFC function module in CRM that creates Business Partners in ECC (XD01 tcode).
  I am using a dialog RFC destination configured in SM59 in CRM.
  But my RFC function module in CRM is always creating the Business Partners in ECC with the RFC user id (the user that we maintain for the RFC destination in SM59).
  This is a problem for the users because they are not able to track the actual person responsible for creating these Business Partners.
  Can somebody please let me know how to solve this problem?
  Thanks
  Raj

  Hi.
  You may use the trust relationship between CRM and R/3 and in SM59 instead of set a specific username, you set the flag "current user".
  With this flag, the system will access R/3 system with the user logged in CRM system. The Trust relationship must be created between CRM and R/3 in order to the system doesn't ask for a password to login in R/3.
  If you need more details please reply.
  Kind regards,
  Susana Messias