User IDs in adapters - XI Proxy, RFC

Hi mates,
I've created receiver adapters of type XI and RFC for an SAP R/3 business system. In these adapter parameters, what is the <b>ideal</b> user ID that needs to be specified? Should it be a service user id or dialog user id? What should be the optimal authorizations for it.
At the moment, I've specified my own user id and the adapters are working successfully. But, I foresee an issue with this method as I would be required to change the password at regular intervals.
What are the best practices regd the user ids in adapters? Please share your experiences.
I appreciate your inputs.
thx in adv
praveen

Hi Praveen,
I would suggest the use of a user of type "Communications" and have SAP_ALL assigned....
a user of type "Service" still has dialgo access whihc i donot think you would want...
pls see the types of users and their help...
User Type
Dialog 'A'
A normal dialog user is used by one person only for all types of logon.
During a dialog logon, the system checks for expired and initial passwords and provides an option to change the password.
Multiple dialog logons are checked and logged if necessary.
System 'B'
You use a user of type System for communication without dialog within one system (for RFC or CPIC service users) or for background processing within one system.
Dialog logon is not possible.
A user of this type is excluded from the general settings for password validity. Only the user administrator can change the password using transaction SU01 (Goto -> Change Password).
Communication 'C'
You use a user of type Communication for communication without dialog between systems (for RFC or CPIC service users for various applications, for example, ALE, Workflow, TMS, CUA).
Dialog logon is not possible.
Service 'S'
A user of the type Service is a dialog user that is available to an anonymous, larger group of users. Generally, this type of user should only be assigned very restricted authorizations.
For example, service users are used for anonymous system access via an ITS service. Once an individual has been authenticated, a session that started anonymously using a service user can be continued as a personal session using a dialog user.
During logon, the system does not check for expired and initial passwords. Only the user administrator can change the password.
Multiple logon is allowed.
Reference 'L'
Like the service user, a reference user is a general user, not assigned to a particular person. You cannot log on using a reference user. The reference user is only used to assign additional authorization. Reference users are implemented to equip Internet users with identical authorizations.
On the Roles tab, you can specify a reference user for additional rights for dialog users. Generally, the application controls the allocation of reference users. You can allocate the name of the reference user using variables. The variables should begin with "$". You assign variables to reference users in transaction SU_REFUSERVARIABLE.
This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in one of the CUA child systems, the assignment is ignored.
Thanks,
Renjith.

Similar Messages

  • CUA- Deleting user IDs from Child systems

    Is there a possibility of configuring CUA in such a way that user IDs can be created and access can be updated from CUA but deleting user IDs should be taking place only in the child system (Not in all the child systems)?

    Generally good advice to keep the uniqueness of UIDs over time, also after Elvis has left the building
    What you could consider is a CUA RFC user which is not authorized to delete UID's and schedule a purge job for those IDOCs which deleted only them.
    However these sorts of "workaround" solutions are not the best advise, to be honest. What happens it someone temporarily assigns SAP_ALL because there is a big problem and authorizations should be excluded as the cause to get it working again?
    Also, every time a new child system is added to the CUA you will be flooded.
    My advice: Rather change your procedure (as discribed by Jurgen).
    What would be interesting to test is whether you are authorized to move a user (change the authorization relevevant group which they currently have) to a group which the CUA user is no long able to subsequently administrate? But theen you will still be hunting down IDOCs from time to time, most likely.
    If your shop is big enough to have these systems you have described, then you might want to consider an IdM system to replace your CUA at some time.
    If you wish, I will move this thread to the IdM forum.
    Cheers,
    Julius
    ps: Please do not cross-post.

  • BAPI that contain user IDs , passwords

    Please let me know if there is any BAPI or RFC that contains the user information like user IDs, passwords etc. I need that to use in the XI. I am using SAP system as the target system or the source system .
    Thanks
    kanan

    There's the possibility to distribute users from a central user administration system (CUA) using an IDoc (e.g. USERCLONE05), this is also available as BAPI. However i don't think you can force a system that is not the CUA to generate this message.
    Regards
    Christine

  • My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

    My app store is not working after installing mavericks. When I open app store it repeatedly asking me to login with apple ID and to provide User name and Password for proxy authentication in a loop.I am a newbie to mac,Please help me.

    Hmmmm... would appear that you need to be actually logged in to enable the additional menu features.
    Have you tried deletting the plists for MAS?
    This page might help you out...
    http://www.macobserver.com/tmo/answers/how_to_identify_and_fix_problems_with_the _mac_app_store
    Failing that, I will have to throw this back to the forum to see if anyone else can advise further.
    Let me know how you get on?
    Thanks.

  • Exporting the user IDs from R/3 to a flat file

    I need to generate a flat file with all the user IDs from an ABAP system. How can I do that? is there something available out-of-the-box or I need to develop something?
    Also, is there a quick way to bering all the user IDs from R/3 into the Portal?

    Hi,
    Goto SE16 - click on the Table contents button in the screen and execute the table.it will list out the user details - > Edit > Download-> Spreadsheet ->give the name and location for the file.
    REward with points if it is useful
    Regards,
    Sangeetha.A

  • Sharing iTunes library across 2 Windows user IDs

    My Windows XP computer is set up with 2 user accounts. iTunes is installed and all of my music is stored in my Shared Music folder (this folder is in Shared Documents, which is accessible from each user ID).
    I want to be able to use iTunes from either Windows user ID. The problem is that iTunes creates and maintains 2 separate iTunes Music Library.xml files. When I'm logged on (user #1), iTunes uses the xml file in my My Documents folder. When my spouse is logged on (user #2), iTunes uses the xml file in her My Documents folder.
    This is problematic. If I add a new song to iTunes from my Windows ID (and the song file is placed in the Shared Music folder), it is added to my library and xml file. If my spouse logs on and launches iTunes, the song is NOT in her iTunes library. She has to manually add the file from the iTunes Add File to Library command.
    I'd like iTunes to use a single library that both Windows user IDs can use and maintain. I don't want to have to manually try to keep these in sync.
    I can't find any setting in iTunes for this, and the user guide doesn't even mention this topic. Any help is appreciated!!!

    TheMint,
    I think it works like this:
    The setting you describe is where iTunes will store the music files themselves (.aac or .mp3, etc.) However, iTunes creates an index of all of your music, and it uses that index to display all of your music in iTunes. The index file is called iTunes Library.xml
    The index is stored in the My Documents\My Music folder of the user ID you log in as. Apparently, you cannot tell iTunes to store this in a different location.
    So if you create an iTunes library under one Windows user ID, the index is created in that user ID's My Documents\My Music folder. If you then log in as another Windows user ID, iTunes does not see the index that was created by the first Windows user. Thus you do not see any of the music listed in iTunes.

  • How do I copy purchases between 2 itunes libraries on the same computer with different log ins and separate apple user ids?

    How do I copy purchases between 2 itunes libraries on the same computer with different log ins and separate apple user ids?

    Load the library which doesn't contain the songs and drag them into the open iTunes application window. If you need to move them between different computer user accounts, put them into /Users/Shared/.
    (74502)

  • Sharing music at home; sharing User IDs

    My wife and I are faced with a problem of playing music from the iTunes library we have built over the past few years either from CDs or from the Apple iTunes Store.
    I recently imported all our Cds into iTunes to save space and allow equal access. Our music now exists on ONE external hard drive. Most music tracks were imported from CDs, and therefore we don't have any restrictions who can play them. But then there is the music that either of us bought before and since married with our different User IDs. This means that music can only be accessed if originally bought by that person and on that authorized Mac.
    So what can we do?
    Is homesharing a good option? is it a viable option? Doesn't this require both Macs to be open at the same time to enjoy the music? What happens if I go to work with the music hard drive, and my wife needs to listen to tracks? I'd like to clone our music drive so she can access music in this situation, but it wouldn't allow her to listen to music I bought.
    Placing all the music on one hard drive makes it easier to consolidate your library, but only if you can access all the music.
    What have couples done in the past? Once married, do they create a 'couples' ID and buy music together for the home? Do you authorize your computers to that new account? And if so, what about the older music bought with older User IDs?
    How do people work around the authorization problem as well?
    Maybe the solution is to create non DRM versions of all our music and then we might be ok? Is that the only solution?
    I'd appreciate any thoughts on this matter.
    M
    ps: EULA has destroyed the idea of sharing. Piracy is so much easier with digital files, but knowing that parents can't hand down their music or films etc to their kids is very sad.

    You seem to be making quite a few incorrect assumptions in your post.
    MarcusOne wrote:
    But then there is the music that either of us bought before and since married with our different User IDs. This means that music can only be accessed if originally bought by that person and on that authorized Mac.
    Why do you think it means that? (it doesn't)
    So what can we do?
    Keep the music on a hard drive at home.
    Is homesharing a good option? is it a viable option? Doesn't this require both Macs to be open at the same time to enjoy the music?
    Yes.
    What happens if I go to work with the music hard drive, and my wife needs to listen to tracks?
    "The hard drive"? As in a single hard drive? Don't you each have hard drives on own computers? She can listen to all the tracks in her library.
    I'd like to clone our music drive so she can access music in this situation, but it wouldn't allow her to listen to music I bought.
    Why do you think this? iTunes purchases have been DRM free for almost 5 years.
    And even with DRM, just authorize the computer for each others account (which is automatically done when you enable Home Sharing).
    What have couples done in the past? Once married, do they create a 'couples' ID and buy music together for the home?
    Personally, I would not recommend it. Keep the accounts you have. No sense in tossing another into the mix.
    And if so, what about the older music bought with older User IDs?
    Just play it.
    but knowing that parents can't hand down their music or films etc to their kids is very sad.
    Why can't they?

  • How to restrict attachment of inactive user IDs for forwarding document.

    Dear All,
    We have some temporary IDs in the system which is now inactive in the system. Now in some applications where users select user IDs at their own for forwarding certain document to someone. Erroneously the sometime select the in active IDs. Which result in non delivery of the document.
    Is it possible to rectrict selection of inactive user IDs?
    Regards,
    Abdullah

    Hi
    Try to look at infotype 0105 subtype 0001 for getting active users.
    Ideally all these ID should be active
    if not then they should be another check for Employment Status '3' from Infotype 0000
    Thanks
    RAjdeep

  • Automatic Creation of User IDs

    Does anyone know of a standard SAP report/program that will generate User IDs for personnel records? I have a requirement to define a procedure that will review personel numbers to determine whether or not that personel number has an ID assigned to it. If it does not, then the report/program will generate an ID according to a particular naming convention. And of course, this report/program would assign the correct roles according to the position defined.
    I know that there are reports/programs that will update a user's access as he/she moves from position to position. I am hoping for one that will assist in the ID creation process.
    Maybe this is wishfull thinking on my part....
    I await your reponses!

    Sounds like you want to implement your own ESS (Employee Self-Service) application ...
    Before doing so, it might be advisable to check on what is already available.
    The Business Partner concept is a more general concept (only only restricted to "employees" and "applicants" but also applicable on "customers", "resellers", etc.) which also allows to assign logon data to "business entities".
    So, it would be helpful to know what you actually intend to achieve.
    Cheers, Wolfgang

  • Can I use a common music library across 2 Windows user IDs?

    My Windows XP computer is set up with 2 user accounts. iTunes is installed and all of my music is stored in my Shared Music folder (this folder is in Shared Documents, which is accessible from each user ID).
    I want to be able to use iTunes from either Windows user ID. The problem is that iTunes creates and maintains 2 separate iTunes Music Library.xml files. When I'm logged on (user #1), iTunes uses the xml file in my My Documents folder. When my spouse is logged on (user #2), iTunes uses the xml file in her My Documents folder.
    This is problematic. If I add a new song to iTunes from my Windows ID (and the song file is placed in the Shared Music folder), it is added to my library and xml file. If my spouse logs on and launches iTunes, the song is NOT in her iTunes library. She has to manually add the file from the iTunes Add File to Library command.
    I'd like iTunes to use a single library that both Windows user IDs can use and maintain. I don't want to have to manually try to keep these in sync.
    I can't find any setting in iTunes for this, and the user guide doesn't even mention this topic. Any help is appreciated!!!

    TheMint,
    I think it works like this:
    The setting you describe is where iTunes will store the music files themselves (.aac or .mp3, etc.) However, iTunes creates an index of all of your music, and it uses that index to display all of your music in iTunes. The index file is called iTunes Library.xml
    The index is stored in the My Documents\My Music folder of the user ID you log in as. Apparently, you cannot tell iTunes to store this in a different location.
    So if you create an iTunes library under one Windows user ID, the index is created in that user ID's My Documents\My Music folder. If you then log in as another Windows user ID, iTunes does not see the index that was created by the first Windows user. Thus you do not see any of the music listed in iTunes.

  • How to disable the previously entered user ID's that automatically appear. For example ; when logging into email , first letter of user ID promts the previously used email user IDs... Want to disable this feature---How can ot be done ?

    Question
    How to disable the previously entered user ID's that automatically appear. For example ; when logging into email , first letter of user ID prompts the previously used email user IDs... Want to disable this feature---How can it be done ?

    *Click the (empty) input field on the web page to open the drop down list
    *Highlight an entry in the drop down list
    *Press the Delete key (on Mac: Shift+Delete) to remove it.
    *http://kb.mozillazine.org/Deleting_autocomplete_entries
    * Tools > Options > Security: Passwords: "Saved Passwords" > "Show Passwords"
    * Tools > Options > Privacy > History: "Remember search and form history"
    * https://support.mozilla.com/kb/Remembering+passwords
    * https://support.mozilla.com/kb/Form+autocomplete

  • User Name and Password for JCO RFC call to BAPI

    Hi all,
    What I think I know:
    --We do NOT have Single Sign On configured so don't tell me to use SSO please - I agree, but...
    --We have a requirement to do a goods receipt which prints labels for the handling units 
    .....The printer to which the labels are directed depends on the user who is running the transaction
    What I think this means
    --We will need to specify a user name and password in the RFC call so the label will go to the correct printer
    --I cannot use the IllumnLoginPassword (or whatever its name is) for the password
    --I need to prompt the user for their password a second time after they login to our MII app
    The problem
    --I will need to store the password somewhere for the duration of the session
    ......In session variable that has been encryted
    .............I didn't see an encryption action block so I could create my own
    ......In the database using database column encryption
    .............A little bit of a pain, but not too bad
    Any corrections, alternatives, ideas .... ???
    Thanks,
    --Amy Smith
    --Haworth

    Thanks for the attention guys.  A little clarification.
    1.  I have been assuming that I cannot use the IllumnLoginPassword for the JCO SAP password in the action block.  If this is NOT true, then it solves my whole problem.
    2.  It would not work to prompt a shop floor person for their password every time they do an operation completion.  Well, at least
    if I don't want to not get lynched! 
    3.  I am planning on prompting people every time they log on for their ECC password and retaining it somewhere secure while they are logged on (and longer if they skip the logoff step.)
    4.  I have been focusing on how/where to retain the password, but also need a way to encrypt it during transmission.  Jeremy said the applet/BLS would at least encode it for me.  That is good.
    --Amy Smith
    --Haworth
    Edited by: Amy Smith on Feb 18, 2010 1:30 PM

  • Different user IDs in UME and ADS, mapping?

    Dear All,
    we want to implement Integrated Windows Authentication for Portal.
    For such a implementation we we've found descirption in the SAP Note: 935644 - "Configuring Kerberos on NW04 against Database User Store"
    The problem is, that we have different user IDs in J2EE Engine and MS ADS user store and the mapping has to be done "via additional UME attribute".
    Anyone know how to implement such a attribute mapping?
    Thanks for help!
    Karol

    Hi,
    I hope you might have done this..If not, follow this link...
    http://help.sap.com/saphelp_nw04/helpdata/en/b7/14d43f2dd44821e10000000a1550b0/content.htm
    Regards
    Krishnan

  • Short dump using CS_BOM_EXPL_MAT_V2 with different user ids

    Hi
    We are getting a short dump in our program when using FM'CS_BOM_EXPL_MAT_V2' and this is happening only for super user roles but not with regular user ids in production. We are not able to identify the solution yet, and it needs to be resolved as quickly as possible. Anyhelp, really appreciated.
    Thanks
    Anil
    Here is our code:
      CALL FUNCTION 'CS_BOM_EXPL_MAT_V2'
        EXPORTING
          aumgb                 = 'X'
          capid                 = 'PP01'
          datuv                 = p_valfrm
          ehndl                 = '1'
          emeng                 = 1
          mbwls                 = ' '
          mehrs                 = 'X'
          mmory                 = '1'
          mtnrv                 = p_matnr
          stlal                 = p_stlal
          stlan                 = p_stlan
          werks                 = p_werks
        TABLES
          stb                   = i_stb
          matcat                = i_matcat
        EXCEPTIONS
          alt_not_found         = 1
          call_invalid          = 2
          material_not_found    = 3
          missing_authorization = 4
          no_bom_found          = 5
          no_plant_data         = 6
          no_suitable_bom_found = 7
          conversion_error      = 8
          OTHERS                = 9.
      IF sy-subrc <> 0.
        MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      ENDIF.

    Hi senthil,
    1. I suppose u want to explode the BOM.
    2. CS_BOM_EXPLOSION
       use the above FM
       in the below mentioned fashion.
    3.
      CALL FUNCTION 'CS_BOM_EXPLOSION'
       EXPORTING
       capid                       = 'PP01'
       emeng                       = bmeng
       datuv                       = sy-datum
       mtnrv                       = matnr
       stlan                       = '1'
         werks                       =  werks
         mehrs = 'X'
    IMPORTING
      TOPEQUI                     =
      TOPMAT                      =
      TOPTPL                      =
      DSTST                       =
        TABLES
          stbd                        = stbd
          stbe                        = stbe
          stbk                        = stbk
          stbm                        = stbm
          stbp                        = stbp
          stbt                        = stbt
    EXCEPTIONS
       alt_not_found               = 1
       call_invalid                = 2
       missing_authorization       = 3
       no_bom_found                = 4
       no_plant_data               = 5
       no_suitable_bom_found       = 6
       object_not_found            = 7
       conversion_error            = 8
       OTHERS                      = 9
    regards,
    amit m.

Maybe you are looking for