Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

what does a communication user with S_DDIC_MDI profile allow?

MPGraziano
Participant
0 Kudos

We have to open our production system to a new production portal , and have to perform the following configurations

1. fully qualify the ECC prod. server in the ECC prod. server profile

2. install certificate in ECC prod. server so that ECC prod server can communicate to Portal Prod server

3. create communication user with S_DDIC_MDI profile.

Could someone comment on this process as are just in the preliminary plans of configuring the prodn portal and have my reservations on opening up the ECC prodn., server before ESS/MSS configurations are completed. The consulting team is stating that they want to meet this milestone (as a shell of the portal) in preparations for when ESS/MSS is completely configured.

my bigger concern is the communication user with S_DDIC_MID profile and what privls it would have?

Please advise...

thanks,

Maria

1 ACCEPTED SOLUTION

Former Member
0 Kudos

>

> We have to open our production system to a new production portal , and have to perform the following configurations

>

> 1. fully qualify the ECC prod. server in the ECC prod. server profile

> 2. install certificate in ECC prod. server so that ECC prod server can communicate to Portal Prod server

> 3. create communication user with S_DDIC_MDI profile.

>

> Could someone comment on this process as are just in the preliminary plans of configuring the prodn portal and have my reservations on opening up the ECC prodn., server before ESS/MSS configurations are completed. The consulting team is stating that they want to meet this milestone (as a shell of the portal) in preparations for when ESS/MSS is completely configured.

>

> my bigger concern is the communication user with S_DDIC_MID profile and what privls it would have?

>

> Please advise...

>

> thanks,

> Maria

1.) would be done in the servers instance profile, if i understand you correctly. transaction RZ10+11 ? there's no harm in this ... just you do it.

2.) what exactly do you mean by certificates. do us use transaction STRUST to establish a secure connection using SAPSECU.LIB? if yes, again: there's no harm in that either, just do it.

3.) first. they are asking for a communication user which means exactly that: a user that cannot logon using a SAPGUI or WEB-portal but only by appoved function modules. without such a user you cannot connect ESS/MSS to your backend (if that is what you want to do). second: as for s_ddic_mdi, please read note 677732 in order to understand why you need this for your communication user.

3 REPLIES 3

Former Member
0 Kudos

>

> We have to open our production system to a new production portal , and have to perform the following configurations

>

> 1. fully qualify the ECC prod. server in the ECC prod. server profile

> 2. install certificate in ECC prod. server so that ECC prod server can communicate to Portal Prod server

> 3. create communication user with S_DDIC_MDI profile.

>

> Could someone comment on this process as are just in the preliminary plans of configuring the prodn portal and have my reservations on opening up the ECC prodn., server before ESS/MSS configurations are completed. The consulting team is stating that they want to meet this milestone (as a shell of the portal) in preparations for when ESS/MSS is completely configured.

>

> my bigger concern is the communication user with S_DDIC_MID profile and what privls it would have?

>

> Please advise...

>

> thanks,

> Maria

1.) would be done in the servers instance profile, if i understand you correctly. transaction RZ10+11 ? there's no harm in this ... just you do it.

2.) what exactly do you mean by certificates. do us use transaction STRUST to establish a secure connection using SAPSECU.LIB? if yes, again: there's no harm in that either, just do it.

3.) first. they are asking for a communication user which means exactly that: a user that cannot logon using a SAPGUI or WEB-portal but only by appoved function modules. without such a user you cannot connect ESS/MSS to your backend (if that is what you want to do). second: as for s_ddic_mdi, please read note 677732 in order to understand why you need this for your communication user.

0 Kudos

Thank You Mylene

In Regards, to certificates do you or anyone, know what is the best practice for loading certificates. Our consutlant has created a HTTP site rather than HTTPS between the portal and ECC (for ESS/MSS communication)

Our Security team has now mandated us to change the HTTP to HTTPS, as well as acquire a signed rather than self signed certificate.

Does anyone out there have the SAP best practice for this scenerio?

Thanks

Maria

0 Kudos

i think that would depend on your business process and the system setup already in place. but then: your security department mandated this, so probably you won't get another choice:

here's the process: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/frameset.htm