SAPJSF user  System user or communications user ??

Similar Messages

• Communication User Is Enough In RFC Destination Userid-Parameter

  Hi Guys,
     I Have The Rquirement Like,i have to call the remote function module which is in quality server from the development system,so for that i have created rfc destination in development system in the logon&security,i have given the userid,which was created by the basis team,this user is a communication user,not a dialog user,with this communication user, iam unable to connect to the system through program
           call function fm1 destination des.
  i would like to know whther we can conncet to the system through the communication user,or dialog user is must.please give ur valuble suggestion on this query..
                           thanks in advance...
  thanks&regards
     srinivasulu.j

  Hi Ranganath,
      Thanks For u r valuble suggestion,with the communication user given in rfc destination ,the connection is not establishing,when i click on test connection button in sm59,it is not showing any error,but when iam trying to execute form the program by calling the remote function module by giving the rfc destination,i checked in debugging,it is not connecting to the other sytem,pls provide some solution for this..
  thanks&regards
    srinivasulu.j

• SMSY creates RFC user as "Communication" user type

  Transaction SMSY was used to create RFC destinations to all satellite systems. In the SMSY wizard, it was requested that the RFC be created as well. After both RFC user and destination were created, it was perceived that the RFC user is of type "Communication".
  According to SAP Note 622464, "Communication" user will require the user to modify the password after it has expired. Therefore, I ask:                                                                               
  1. Why does SMSY creates RFC user of type "Communication" instead of  "System"?                                                              
  2. Is there any harm if the RFC user is updated from "Communication" to "System"?

  Hello,
  'Communication' users are used to 'communicate' ! So they require dialog login (like here in these RFCs) and which they can do and for what they are defined i.e. to login or to make communcation possible via RFCs
  'System' users are used to handle the background tasks which do not require dialog login across SAP systems or via RFCs. In other words, system user is not a dialog user and hence can't act as a user in RFCs to communicate acrosss SAP systems !
  Hence,
  1. SMSY creates 'communcation users'
  2. if the RFC user is updated as the system user, then no 'dialog login' and hence 'no communication'

• Creating Communication users in CUP (II)

  Hi again,
  Following the previous post Creation of Communication users in CUP I would like to post a further question:
  When requesting provisioning for a user in a target SAP System and having LDAP set as user data source, user ID is search by using the "magnifying glass".
  Question 1) What  if we are creating a user ID for a communication user that does not exist in LDAP?
  Thanks in advance. Best regards,
    Imanol

  Frank,
  You never loose
  Clear first option. What about the second one? What do you mean by  sending the request through the web service? Could you provide me more details about that?
  Many thanks in advance. Regards,
     Imanol
  By the way, sorry for beaten Germany in Semifinals Spain is crazy these days.after winning the first football world cup.

• ALTER USER를 실행한 사용자를 확인하는 방법(SYSTEM EVENT TRIGGER)

  제품 : ORACLE SERVER
  작성날짜 : 2002-11-07
  ALTER USER를 실행한 사용자를 확인하는 방법(SYSTEM EVENT TRIGGER)
  ================================================================
  PURPOSE
  자신이나 또는 다른 user들의 password를 바꾸는 등의 alter user command를
  사용한 사용자를 확인하는 방법을 알아보자.
  Explanation & Example
  1. 사용자 정보를 저장할 event table을 생성한다.
  Create event table and users to store the alterations made:
  SQL> connect / as sysdba;
  create table event_table
  ora_sysevent varchar2(20),
  ora_login_user varchar2(30),
  ora_instance_num number,
  ora_database_name varchar2(50),
  ora_dict_obj_name varchar2(30),
  ora_dict_obj_type varchar2(20),
  ora_dict_obj_owner varchar2(30),
  timestamp date
  create user test1 identified by test1;
  grant create session, alter user to test1;
  create user test2 identified by test2;
  grant create session to test2;
  2. SYS user에서 AFTER ALTER Client Event Trigger 를 생성한다.
  Note: This step creates a trigger and it is fired whenever the user "test1"
  issues ALTER command (It can be ALTER USER or ALTER TABLE)
  SQL> CREATE or REPLACE TRIGGER after_alter AFTER ALTER on database
  BEGIN
  IF (ora_dict_obj_type='USER') THEN
  insert into event_table
  values (ora_sysevent,
  ora_login_user,
  ora_instance_num,
  ora_database_name,
  ora_dict_obj_name,
  ora_dict_obj_type,
  ora_dict_obj_owner,
  sysdate);
  END IF;
  END;
  3. test1 user로 접속한 후 test2 user의 password를 변경하는 작업을 실행한다.
  SQL> connect test1/test1
  SQL> alter user test2 identified by foo;
  4. test2 user의 password가 test1 user에 의해 변경되면 그런 내용을
  event_table 에서 확인할 수 있다.
  Now that we have altered the "test2" user password from user "test1", the
  event_table should have captured this details.
  Now Login in as sys and Query on event_table:
  SQL> connect / as sysdba;
  SQL> select * from event_table;
  ORA_SYSEVENT ORA_LOGIN_USER ORA_INSTANCE_NUM
  ORA_DATABASE_NAME
  ORA_DICT_OBJ_NAME ORA_DICT_OBJ_TYPE
  ORA_DICT_OBJ_OWNER TIMESTAMP
  ALTER TEST1 1
  T901.IDC.ORACLE.COM
  TEST2 USER
  13-JUN-02
  event_table의 내용을 조회하여 LOGIN_USER와 ALTERED USER 는
  ORA_LOGIN_USER와 ORA_DICT_OBJ_NAME column을 통해 확인할 수 있다.
  비슷한 방법으로 아래의 event에서 trigger를 생성하여 확인할 수 있다.
  1) BEFORE DROP
  2) AFTER DROP
  3) BEFORE ANALYZE
  4) AFTER ANALYZE
  5) BEFORE DDL
  6) AFTER DDL
  7) BEFORE TRUNCATE
  8) AFTER TRUNCATE
  Related Documents
  Oracle Application Developer's Guide

• Alter user system identified by manager; need help

  SQL> connect /as sysdba;
  Connected.
  SQL> alter user system account unlock;
  User altered.
  SQL> alter user system identified by manager;
  User altered.
  SQL> connect system/manager@q17als;
  ERROR:
  ORA-28000: the account is locked
  Warning: You are no longer connected to ORACLE.

  can you try do to the connect system/manager without
  putting the @q17als on it?
  I bet it will work
  Well that one should work, although it may not connect to the right database.
  What may have happened is he logged in to a different database using "/as sysdba" and unlocked SYSTEM account there. Therefore connecting as system without using an alias would work (if the password is manager).
  the net service name for q17als probably uses different database in its connect descriptor. We can see that if we know what connect descriptor for q17als looks like. (tnsping q17als or checking tnsnames.ora)
  I agree with the earlier posts - I think you are
  dealing with two different databasesThat is what I am trying to prove as well

• BPC 7.5 NW- error 'Name or password of RFC Communication user is invalid '

  Hi
  Environmen: Win 2008 R2, CPMBPC 7.5 SP09, BW 7.2 Sp09, .NET BPC 7.5 SP09
  I just completed installing .NET BPC 7.5 and when I try to open BPC Server manager, i get "cannot coonect to ABAP server' error.
  When I try to open the website http://localhost/osoft I get the error "name or password of RFC communication user is invalid".
  I see the same error in the BPC logs as well.
  I have the tried the following so far:
  1. Created single domain user for the three communication users BPC_sysadmin, BPC_admin & BPC_user.
  2. I momentarily changed to dialog users and logged in to check their fucntioning.
  3. I have generated their relevant profiles. Inlcuded SAP_ALL, SAP_NEW for the sysadmin ID
  4. I have disabled firewall, allowed port 80 on Windows firewall.
  5. I have disabled UAT
  6. I have followed the rest of the installation as per inst guide.
  When I run BPC server manager diagnostics, I see error "SAP ABAP server connection:database connection:status error".
  Can someone tell is there anything else that I could try ?
  many thanks
  Sreekanth

  Hi,
  If when you launch BPC Server Manager, you do not get "Cannot connect to ABAP server", this means user BPC_SYSADMIN is connecting correctly. And assuming you had invalid RFC user in BPC Web, your issue is then only with user BPC_USER (or BPC_ADMIN if the issue is with BPC Admin client only)
  If you do get that error, it means the error is for more than one user, so I would look for something big missing.
  In point 1 you mention domain users, make sure in BPC Server Manager under "reset login credentials" that you do not have windows users specified there as it's a common mistake, those should be your 3 BW communication users
  On BPC .Net server, if you installed SAP GUI, run an MDX_PARSER test in SM59 to check librfc32.dll is working correctly
  Also quite common issue it is possible your background users have wrong authorizations; in PFCG check the roles SAP_BPC_SYSADMIN SAP_BPC_ADMIN and SAP_BPC_USER were copied to customer namespace and that the role are active (user tab should be displaying green light) and assigned to the background communication users
  Also check the background users are not locked in SU01 (if they are locked the password saved on .Net server was or is not matching the real password defined on NW server)
  Thanks,
  Julien

• How to trace communication users in system & build a role

  Hi all
  I have a requirement in my compnay to create a role for communication users currently assigned to SAP_ALL
  we have 20 communication id's & turning on trace is not feasible option due to the impact on system performance.
  Plz let me know what is the approach i need to have inorder to find neccessary tcodes & objects into my role.
  thank you in advance.
  Best Regards
  NaveenMurthy_

  What I meant is that good "housekeeping" and securing of these sensitive RFC connections is hard to do properly if you are "far away" from them.
  Go figure why SAP delivers many of their connection wizards with SAP_ALL... they don't know either what the customer will be using and which data will be transfered and when you might need to temporarily debug the connection or when someone will try to use an existing connection for a new application without thinking about developing a new role to go with it, or which checks an SP might introduce which then pop up as a problem in a remote program or system, etc.
  Really, it is not an easy thing to do properly (both technically and procedurally) and the further you are away from it, the more hassle it will be.
  No inflamatory hype intended toward any specific type or location of "offshoring".
  Cheers,
  Julius

• Creation of Communication users in CUP

  Hi,
  Is it possible somehow to manage the creation of a non dialog user (i-e: communication) using CUP after the relevant request has been ended and approved?
  Thanks in advance. Best regards,
    Imanol

  Imanol,
  here's what you need to do:
  Create a custom field "User Type" with the following values:
  A - Dialog User
  B - System User
  C - Communication User
  L - Reference User
  S - Service User
  (or at least the ones you need...)
  Make "Dialog User" the default.
  Then create a mapping in Field Mapping - Provisioning where you map this to the R/3 field "User Type" for the systems that you want to create non-Dialog users in.
  Hope that helps,
  Frank.

• Query SAP BW via BO universe - Dialog user / Communication user

  Hi,
  Context: XI 3.1 Web Intelligence on top of SAP BW.
  Can a communication user be used in the universe connection? or does it need to be a dialog user?
  Possibly the following post already gives the answer:
  Change BEX query to run in background process instead of dialog?
  Terminology used there is slightly different, we just want to be sure.
  Thanks!
  Raf

  Hi,
  I just tried it with User Type = Communications data and with User Type = System. Both of them worked fine and I was able to display the queries/infocubes from BW.
  Hth.,
  Jacob

• Use of communication user in RFC of HCM process types

  Dear All,
  I have created an HCM-PA package, and when used a communication user in the RFC it gives me the error that no data exists for your user in the Transfer selection criteria activity (This is not an issue with defining target areas I have confirmed)
  I then used my ID ( a dialog user) and it works well. However, now I want other users (about 10) to be able to run their respective packages. Does that mean I have to add each of these 10 users to the RFC? How can I resolve this without having to use their ID in the RFC maintenance?
  Thanks
  Harmeet

  Hi Harmeet,
  the easiest thing to do is to define a CPIC user in your receiver system destination and then to use the customising activity "Set technical switches". Here you can set a switch called SND_LOGON to the value 'X'.  When you do this, the person who calls the transfer program with the activity "Transfer Selection Criteria" must explicitly log on using their own sender system user.
  This method means that the user must have the correct HCM authorisations and prevents that a dialogue user is defined in the RFC definition (which, of course, anybody could use).
  Hope this helps.
  Gerard.

• Is Communication user recommended to access Webdynpro ABAP?

  Hi,
  I don´t know if somebody knows if we can recomend the client to use a communication user type for accesing Webdynpros for ABAP, can this cause some licence problems? or communication users can be used by final users without a problem?
  Hope somebody can help!
  Thanx in advanced!
  kind regards,
  Gerardo J

  Hi Gerardo,
  main difference between dialog and communication user is the access via SAPgui. The license still depends on the role of the user not the user type.
  Property \ User Type            Dialog  Communication   System  Service
  Dialog logon (SAP GUI)          X       -               -       X
  Multiple logons                 -       X               X       X
  RFC logon                       X       X               X       X
  Background job execution        X       -               X       X
  Password change                 X       X               -       -
  Logon ticket can be generated   X       X               -       -
  Probably you mean "named user" and "anonymous user". For this Q you always have to ask your SAP sales person (because it depends...)
  Hope this helps a little bit.
  Best regards, Uwe

• JCO authentication through communication user password expiry problem

  Hi,
  We are using communication user for accessing our metadata. As per help.sap.com the authorizations for this user must be set in the backend so that this user can access all DDIC function modules.I have doubts as follows
  1. What are the Roles in R/3 we need to assign to the user to access DDIC function modules.
  2.As per our company IT policy, The default settings in R/3 for change of initial password is 3 days. After 3 days the password gets expired? Which user are we supposed to use for jco Communication user, system user, or service user? plz clarify.
  Regards,
  Sreeram

  Hi Sreeram,
  For the JCo user for defining the metadata can be a service user. with jsf communication authorization.
  hope this helps
  -Madhu

• Communications user password expires

  Hi,
  The password of our  communications user (ZCONTRANS) always expires/deactivated.
  How can I set tha password of this particular user not to expire? 
  We could not chage the login/password_expiration_time parameter because we need dialog users password to expire every 90 days (for audit requirement).
  thanks,
  kbas

  HI,
  use the usertype 'SYSTEM' instead of usertype 'Communication'. Passwords of 'System'-users do not
  expire. (the usertype can be set in SU01->tab 'logondata')
  b.rgds, Bernhard

• Authentication for user system denied in realm weblogic

  hi,am using Web Logic 6.1 on hp and all works fine, I've a cron which kicks off
  every morn.
  This cron stops the web logic app server (admin server), then starts it. The stopping
  is done with a shutdown.sh script. I've noticed all the posts here about "Authentication
  for user system denied in realm weblogic" seem to be in code. This is diff as
  it's on shutdown.
  My shutdown script does the below:
  #!/bin/sh
  JAVA_HOME=/opt/weblogic6.1/jdk131
  WL_HOME=/opt/weblogic6.1/wlserver6.1
  CLASSPATH=$WL_HOME/lib/weblogic_sp.jar:$WL_HOME/lib/weblogic.jar
  JAVA_RUN="${JAVA_HOME}/bin/java -classpath ${CLASSPATH}"
  WLS_PW=try_abc
  RUNCMD="${JAVA_RUN} weblogic.Admin -url localhost:9100 SHUTDOWN -username system
  -password $WLS_PW"
  echo $RUNCMD
  $RUNCMD
  When it's run the below is printed. Any help appreciated on this!!
  /opt/weblogic6.1/jdk131/bin/java -classpath /opt/weblogic6.1/wlserver6.1/lib/weblogic_sp.jar:/opt/weblogic6.1/wlserver6.1/lib/webl
  ogic.jar weblogic.Admin -url localhost:9100 SHUTDOWN -username system -password
  admin2001
  Authentication for user system denied in realm weblogic
  Start server side stack trace:
  java.lang.SecurityException: Authentication for user system denied in realm weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:195)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
  at weblogic.kernel.BootServicesImpl.authenticate(BootServicesImpl.java:119)
  at weblogic.kernel.BootServicesImpl.findOrCreateClientContext(BootServicesImpl.java:203)
  at weblogic.kernel.BootServicesImpl.invoke(BootServicesImpl.java:148)
  at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:620)
  at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:581)
  at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:164)
  at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:640)
  at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:454)
  at weblogic.socket.PosixSocketMuxer.deliverGoodNews(PosixSocketMuxer.java:456)
  at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:385)
  at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:24)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
  End server side stack trace

  This is the way it should be. You should not be able to call from one server into
  another using the system user without having to provide a password.
  Yeshwant <[email protected]> wrote:
  >
  Hi Jose
  What version of the server are you using . In 6.x this is a known issue
  The workaround as you mention is to have the same password for the system
  user.
  Jose Perez wrote:
  Hi all,
  I'm having problems when communicating 2 EJBs in different weblogic Serverinstances,
  one acts as a "client" and the other as a "server".
  The exception is "Authentication for user system denied in realm weblogic".This
  only happens if the user system has different password in each server.
  Any idea?
  Thanks in advance