Use of communication user in RFC of HCM process types

Similar Messages

• J2ee_admin is used as the user when RFCs are run on the web dynpro appln.

  I have created a web dynpro application which has some RFCs on the model.
  View is an adobe form which send the data to the RFC and upon submit executes the RFC to create an item in SAP (xRPM).
  When the RFC is run, user is taken as J2EE_ADMIN even when authentication is enabled on the application and
  a different user is used.
  Is it due to the adobe form or  the web dynpro application?
  Is there anyway we can change this default and capture the user logged in accordingly.
  Versions used:
  NWDS 7.0
  SAP NW 2004s SP 15
  Adobe Live cycle designer 7.0
  Thank you,
  Vasu

  Hi Subramanya,
  Please check the user Id, what your given for JCO connection (MODELDATA & METADATA).
  Regards
  Ponnusamy

• Is Communication user recommended to access Webdynpro ABAP?

  Hi,
  I don´t know if somebody knows if we can recomend the client to use a communication user type for accesing Webdynpros for ABAP, can this cause some licence problems? or communication users can be used by final users without a problem?
  Hope somebody can help!
  Thanx in advanced!
  kind regards,
  Gerardo J

  Hi Gerardo,
  main difference between dialog and communication user is the access via SAPgui. The license still depends on the role of the user not the user type.
  Property \ User Type            Dialog  Communication   System  Service
  Dialog logon (SAP GUI)          X       -               -       X
  Multiple logons                 -       X               X       X
  RFC logon                       X       X               X       X
  Background job execution        X       -               X       X
  Password change                 X       X               -       -
  Logon ticket can be generated   X       X               -       -
  Probably you mean "named user" and "anonymous user". For this Q you always have to ask your SAP sales person (because it depends...)
  Hope this helps a little bit.
  Best regards, Uwe

• SMSY creates RFC user as "Communication" user type

  Transaction SMSY was used to create RFC destinations to all satellite systems. In the SMSY wizard, it was requested that the RFC be created as well. After both RFC user and destination were created, it was perceived that the RFC user is of type "Communication".
  According to SAP Note 622464, "Communication" user will require the user to modify the password after it has expired. Therefore, I ask:                                                                               
  1. Why does SMSY creates RFC user of type "Communication" instead of  "System"?                                                              
  2. Is there any harm if the RFC user is updated from "Communication" to "System"?

  Hello,
  'Communication' users are used to 'communicate' ! So they require dialog login (like here in these RFCs) and which they can do and for what they are defined i.e. to login or to make communcation possible via RFCs
  'System' users are used to handle the background tasks which do not require dialog login across SAP systems or via RFCs. In other words, system user is not a dialog user and hence can't act as a user in RFCs to communicate acrosss SAP systems !
  Hence,
  1. SMSY creates 'communcation users'
  2. if the RFC user is updated as the system user, then no 'dialog login' and hence 'no communication'

• When I try to sign in to the support community using one of my email addresses it asks for my apple support community user name and when I type in what I think it might be I get one of several messeges Ie. An account using this e-mail address already exis

  When I try to sign in to the support community using one of my e-mail addresses and I put in nothing or what I thought was my apple support community user name I can get one of several messages
  Ie.1. Please specify a user name
  2.An account using this e-mail address already exists; only one account per e-mail address is allowed on Apple Support Communities
  How do I find out what my Apple Support Communities user name is

  Good luck with this!!!
  EVEN USING what WAS my Username, this is the exact problem I am having having entered my correct ID and Password.
  Rgds
  Rod

• Communication User Is Enough In RFC Destination Userid-Parameter

  Hi Guys,
     I Have The Rquirement Like,i have to call the remote function module which is in quality server from the development system,so for that i have created rfc destination in development system in the logon&security,i have given the userid,which was created by the basis team,this user is a communication user,not a dialog user,with this communication user, iam unable to connect to the system through program
           call function fm1 destination des.
  i would like to know whther we can conncet to the system through the communication user,or dialog user is must.please give ur valuble suggestion on this query..
                           thanks in advance...
  thanks&regards
     srinivasulu.j

  Hi Ranganath,
      Thanks For u r valuble suggestion,with the communication user given in rfc destination ,the connection is not establishing,when i click on test connection button in sm59,it is not showing any error,but when iam trying to execute form the program by calling the remote function module by giving the rfc destination,i checked in debugging,it is not connecting to the other sytem,pls provide some solution for this..
  thanks&regards
    srinivasulu.j

• Not able to use password with characters for RFC User.

  hi All,
  I have installed SAP SCM 5.0 with MaxDB 7.6and liveCache 7.6.
  I created RFC user and RFC destination to administer liveCache globally as per SAP notes 305634 and 452745. I changed the initial passwords and tested Remote login for RFC User.
  But when I try to start liveCache with startrfc following the link below
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/95/379f3cad1e3251e10000000a114084/frameset.htm
  I got the following error
  RFC Call/Exception: SYSTEM_FAILURE
  Group       Error group 104
  Key         RFC_ERROR_SYSTEM_FAILURE
  Message     Name or password is incorrect (repeat logon)
  Then I logged into the CI with RFC user and try to start the liveCache with RSLVCSTART T-Code SE38..I got the following error.
  Error DBMCLI_COMMAND_EXECUTE_ERROR when starting liveCache LCS on server saplcslc
  Message no. LVC007
  I tried by changing the password for RFC user to numeric [0-9] and special characters [$,:] which worked fine.
  Does anyone faced this issue earlier? I searched notes, sdn and finally google ... but no luck to resolve the issue.
  Your help is much appreciated.
  Thanks,
  Venkat

  Yes I used LCA as liveCache connection. I resolved the issue with RSLVCSTART. Thanks for your suggestion to run connection test. I used wrong password for control user in the LCA connection. Now LCA connection shows everything is fine.
  But I am still not able to use alphanumeric password RFC user to start the liveCache from command line. I get the following when run startrfc command...
  bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p Mach1cspsap\$ -l EN -F START_LIVECACHE_LVC -E IV_CON_NAME=LCA
  RFC Call/Exception: SYSTEM_FAILURE
  Group       Error group 104
  Key         RFC_ERROR_SYSTEM_FAILURE
  Message     Name or password is incorrect (repeat logon)
  bash-3.00$ echo $?
  1
  But I can start the liveCache from command line with numeric password successfully.
  bash-3.00$ /usr/sap/CAT/rfcsdk/bin/startrfc -3 -d LCSCLNT001 -h sapcatci -s 51 -c 001 -u LCSRFC -p 19811983\$ -l EN -F STOP_LIVECACHE_LVC -E IV_CON_NAME=LCA
  bash-3.00$ echo $?
  0
  Note the difference between the passwords used. Do i need to change any settings to accept alphanumeric passwords for RFC user.
  Note that I am able to start liveCache server in both cases(alphanumeric password and numeric password) by logging into SAP GUI and RSLVCSTART program. The problem is only when i try to start the liveCache from the commandline.
  Any help will be much appreciated.
  Thanks,
  Venkat

• Regd. Use of Communication /Service user

  Hi All,
  I have a web service to Proxy scenario have created a user of type communication data.
  the roles assigned are :
  SAP_XI_APPL_SERV_USER
  SAP_XI_IS_SERV_USER
  Q>  With this user i am able to open/create/edit object in  IR and ID using the URL (i.e http://host:port/dir/start/index.jsp).I know that dialog logon is prevented.
         Is it a common issue? my concern is when i share the wsdl URL , it will have the host and port.Anyone can put the trailing
         part and easily logon and change/delete the objects (WorstCase)
  How to control this ? Do i need to customize the user role?if yes what is the exact customization required.Checked with Basis
  team also.Tried removing Dev related access ,after which the soap posting itself was not happening.
  Can any one suggest the Roles required?
  If communication user is supposed to access the IR and ID , then how i can control the access? Do i need to
  handle it at network level , if yes please put in your thoughts on the same.
  Regards,
  Srinivas

  First, only SAP_XI_APPL_SERV_USER is required for sending soap request to PI. So do no add extra roles. The othe role SAP_XI_IS_SERV_USER could be provided to other user to be used at receiver side channel.
  I know that dialog logon is prevented.
  Yes, and therefore abap engine access won't be possible.
  my concern is when i share the wsdl URL , it will have the host and port.Anyone can put the trailing part and easily logon and change/delete the objects (WorstCase)
  If the person trying to access the URL from outside your organization network, this won't be accessible unless firewall port are opened. If it is from within the organization's network, then it should be called as breach in Information Security.
  Regards,
  Prateek

• BPC 7.5 NW- error 'Name or password of RFC Communication user is invalid '

  Hi
  Environmen: Win 2008 R2, CPMBPC 7.5 SP09, BW 7.2 Sp09, .NET BPC 7.5 SP09
  I just completed installing .NET BPC 7.5 and when I try to open BPC Server manager, i get "cannot coonect to ABAP server' error.
  When I try to open the website http://localhost/osoft I get the error "name or password of RFC communication user is invalid".
  I see the same error in the BPC logs as well.
  I have the tried the following so far:
  1. Created single domain user for the three communication users BPC_sysadmin, BPC_admin & BPC_user.
  2. I momentarily changed to dialog users and logged in to check their fucntioning.
  3. I have generated their relevant profiles. Inlcuded SAP_ALL, SAP_NEW for the sysadmin ID
  4. I have disabled firewall, allowed port 80 on Windows firewall.
  5. I have disabled UAT
  6. I have followed the rest of the installation as per inst guide.
  When I run BPC server manager diagnostics, I see error "SAP ABAP server connection:database connection:status error".
  Can someone tell is there anything else that I could try ?
  many thanks
  Sreekanth

  Hi,
  If when you launch BPC Server Manager, you do not get "Cannot connect to ABAP server", this means user BPC_SYSADMIN is connecting correctly. And assuming you had invalid RFC user in BPC Web, your issue is then only with user BPC_USER (or BPC_ADMIN if the issue is with BPC Admin client only)
  If you do get that error, it means the error is for more than one user, so I would look for something big missing.
  In point 1 you mention domain users, make sure in BPC Server Manager under "reset login credentials" that you do not have windows users specified there as it's a common mistake, those should be your 3 BW communication users
  On BPC .Net server, if you installed SAP GUI, run an MDX_PARSER test in SM59 to check librfc32.dll is working correctly
  Also quite common issue it is possible your background users have wrong authorizations; in PFCG check the roles SAP_BPC_SYSADMIN SAP_BPC_ADMIN and SAP_BPC_USER were copied to customer namespace and that the role are active (user tab should be displaying green light) and assigned to the background communication users
  Also check the background users are not locked in SU01 (if they are locked the password saved on .Net server was or is not matching the real password defined on NW server)
  Thanks,
  Julien

• Communication user to use ITS services

  Are multiple logons allowed for the communication user by SAP?

  Jut what account are you talking about?  You can sync an unlimited number of iDevicesthat you control to one iTunes account.  However, you you can only have five computers authorized to use media purchased from one iTunes account. 

• Dynamic user in RFC Adapter

  I configure a RFC Receiver adapter to communicate with R/3. In my client application  (via Webdynpro) I send the message that use this communication, but I need to call the RFC using a dynamic user/password, that is, the user credentials that is logged. Is it possible? How I do it?
  thanks.

  Hi Elton,
  I don't think so, it is possible to have dynamic user ID and password for the RFC adapter. As of now...
  Because you need to enter the user id and password while configuring adapter itself.
  But if you want , you can call different RFCs based on the Condition etc.
  Hope this helps,
  Regards,
  Moorthy

• WebService Call Fails for Communication Users

  Hi
  I am calling a BAPI through web service in VB.NET windows application.
  The application works fine with Dialog users but when I use Communication User then it thows this message.
  The Request Failed with HTTP Status 401: Unauthorized
  Where as if i call the same BAPI through RFC with for this Communication User it is successful.
  What can be the reason ?
  Regards
  Rajendra

  The Web Service uses the HTTP protocol, whereas the BAPI is using RFC protocol.
  The reason for the "unauthorized" error in HTTP is that you need to embed the user / password combination into the web service URL (assuming you have set the Web Service authentication method to user / password).
  Regards,
  D.

• Communication User Locked..

  Hi All,
  Can you plz provide the information for this problem.
  How does a communication user gets locked & what could be the root cause for that problem?
  Thanks & Regards
  Srinivas K

  Hi Srinivas,
  Reasons for this:
  1) Somebody has changed the password of the communication id
  2) An RFC defined to refer that client has an incorrect password in SM59 for that Comm. id.
  >
  Srinivas K wrote:
  > a) If the password for the communication user has been expired, then do we need to reset it by using SU01?
  >
  Passwords for Communication users do not expire. Yes, SU01 is the way by which you change passwords, even for communication users. As mentioned earlier, its a bad idea changing the password of a Comm. user, as all other RFC's referencing to that client will have to be updated with the correct credentials.
  > b)"Communication users details not changed in all RFC communication configuration"---> I couldnt understand this, so could u plz provide some more information regarding this.
  >
  > Can we get information in ST05, with related to this problem?
  Debug the issue more. Look at the change documents of the Comm. user. See if anyone has changed the password. If not, then there might be a possiblity that some RFC referencing to that client has the incorrect details. ST05 is not what you are looking for. Look at SM20N (AIS) for the details.
  Do not change Comm. users to Service type! Comm. users normally have broad authorization, making it a service id is a heavy risk as SAP GUI access will be opened up!
  You might want to post/move this to the security forum
  Thank you
  Abhishek

• Can Communication User Id change its password

  Hello Experts,
  Can Communication User Id change its own password and can the password be deactivated automatically even after when its used?
  Regards,
  Sums

  Note that if either Communication or System users have authorizations themselves for the user management (S_USER_GRP actvt '05' for the assigned user group) then they will both be able to change passwords (including their own if in that group or not assigned to one).
  This is different to changing your own password voluntarily or being forced to by system password rules, but it is also a possibility you should ideally rule out (admin auths for RFC to change passwords).
  Unfortunately, several RFC functions and transactions make "bogus" checks on exactly this authorization but do not need them. You you need to be carefull with it. Particularly anything relating to Business Parter functions should be very suspect if you find it in an authorization trace - it is not needed.
  Cheers,
  Julius
  Edited by: Julius Bussche on Sep 20, 2011 10:30 PM

• Communication user is not requested change password

  Hi
  We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  How can this be? Shouldn't communication users be forced to change the password?
  In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  Thank you for your help.
  Regards, Morten

  >
  Morten Ellgaard wrote:
  > Hi
  >
  > We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  >
  > How can this be? Shouldn't communication users be forced to change the password?
  >
  > In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  >
  > Thank you for your help.
  >
  > Regards, Morten
  Well, that's a common misunderstanding:
  accounts of type "COMMUNICATION user" are subject of password expiration - however the password change requirement is not enforced (since the server cannot interact with the user). Actually that's not mainly caused by the user type but by the communication protocol being used: RFC and HTTP allow both, interactive and non-interactive system usage. Only the DIAG protocol (used by SAPGUI) ensures that an interaction with the user is possible - and in this case the system is enforcing a password change (when required).
  Note 622464 provides an overview on the user types and the ability / requirement to change passwords (and other impacts).
  Side-remark: modifying the USR02 field would not have any impact on the password change handling (beside the fact that such direct table manipulations are risky and strongly discouraged).
  As reported by other SDN community members (and stated in note 320991, quite at the end) there are some profile parameters that will cause RFC and HTTP based logon to fail for passwords which are expired / initial. Setting those profile parameters will result in a downwards-incompatible system behavior - for this reason the default setting is "off".
  Indeed, if you intend to use "technical accounts" for (automated) system-to-system communication, then kindly use the user type "SYSTEM". In that case, the password is neither "expired" nor "initial" - no password change is required nor can it be performed by the SYSTEM user itself. Only an user administrator can set a new password (in systems as of NWAS 7.0: even a downwards-compatible one - despite the password policy, see notes referenced by note 622464).