on 09-11-2008 2:16 AM
Hello gurus,
I have a requirement in which i need to assign a set of Bapis and RFC from SAP HR to a Role and then this role to a user. I have few questions here
1. How to assign only a BAPI to role
2. How to assign a Remote Function to a Role/Profile (in PFCG)
3. Do i need to take care of underlined Infotype for Authorization purpose, as bapis are acessing further some Infotypes from HR module. so do i need to assign Infotypes to roles also.
4. How to find Object related to a BAPI or Remote Function
Points for sure for any reply.
Mani
1- S_DEVELOP ABAP Workbench
2- RFC Auth Objects
S_RFC Authorization Check for RFC Access
S_RFCACL Authorization Check for RFC User (e.g. Trusted System)
S_RFC_ADM Administration for RFC Destination
S_RFC_SHLP Authorization to Use a Search Help via RFC
3- You dont need to check underlined ITs`. It should be taken care by your existing HR ITs Auth .
4- Look for SE37 and search "BAPI" "RH" & "HR" for pckage = p*
Good Luck
^Saquib
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
thanks a lot,
Well i think you took it other side from developer point of view, to make it crystal clear I have some BAPI(or BAPI enabled function module) in r/3 system named below
BAPI_ORGUNITEXT_DATA_GET - using Infotypes PA0002, PA0105 etc to read, write and modify data
BAPI_EMPLOYEE_GETDATA - using Infotypes PA0001 etc to read, write and modify data
I want to make a USER and assign him ROLE through which he can only access and Manipulate these bapis using Jco and .net technology to integrate it to other non-SAPsystem, Assuming the user dont have any other authorization.
what are the OBJECT i need to assign to this user role.
in the 4th point i mean to know BAPI Authorization Object that i need to assign to ROLE.
I hope i cleared my point.
thanks
Mani
Edited by: mandy on Sep 11, 2008 9:27 AM
thanks a lot for prompt reply, i still have few questions
Do i need to confgure the Infotype Authorization Object also like P_ORGIN to access infotype
Do i need to configure Authority object for for the Funcrion Group also where my Bapi** functions resides. like BAPI_ORGUNITEXT_DATA_GET resides in Function group RH_ORGPUB_APP.
i will really appreciate any reply on the same.
How do i test it from SAP and NON-SAP system any comment is addition to this requirement. i will gve you full mark anyway.
thanks
Mani
Edited by: mandy on Sep 11, 2008 3:33 PM
Do i need to confgure the Infotype Authorization Object also like P_ORGIN to access infotype
~ Yes
Do i need to configure Authority object for for the Funcrion Group also where my Bapi** functions resides. like BAPI_ORGUNITEXT_DATA_GET resides in Function group RH_ORGPUB_APP.
i will really appreciate any reply on the same.
~ Yes
How do i test it from SAP and NON-SAP system any comment is addition to this requirement. i will gve you full mark anyway.
From SAP side , you should get auth error .. and from Non-SAP sys you should get no data or ( you can write some code to check auth for above objects and raise error message and send it to non-SAP system .
i will gve you full mark anyway .
hmmmmmm, I aint only answer for Marks
Hello Guru,
well the things sounds not working, I did the negetive testing, i mean removing all the authorization from the user. He can access these FM and infotype without any restriction. It was a bit shocking.
1. Do we need to code in programming to check the authorization object for further processing ?
Cause i am using a standard BAPI and it might be possible that they are not using object based Authorization checks rather position based checks.
2. If i want to block access to other systems through RFC to some rfc enabled FM (in our case BAPIs), do i need to do something even if i have no any authorization in the user profile(I deleted all the roles and profiles assigned to user still i can access data from system through RFC).
3. how can i block access to rfc enabled FM.
thanks
Mandeep
Hi
The authorization object is S_DEVELOP. You can check all the authorization objects through TCode SU21.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.