08-12-2009 3:09 PM
Hi,
I am in the process of configuring a SM59 ABAP connection between two systems say A and B
I have created user id in the System A and B
I wanted to know teh roles and authorisations, to be present for a user to be used in SM59 ABAP Connection
I dont want to give SAP_ALL(System User)
I wanted this RFC connection to be used for CUA Configuraiton
Please help
08-12-2009 9:40 PM
Check the Note 492589 - CUA: Minimum authorizations for communication users
Regards,
Pavan
08-12-2009 9:40 PM
Check the Note 492589 - CUA: Minimum authorizations for communication users
Regards,
Pavan
08-13-2009 11:16 AM
while defining RFC you should use user of type System which can't be used for Dialog (Interactive) Login and hence there is no harm in providing SAP_ALL & SAP_NEW.
If you want to define your own role still, then I would say there are few specific Objects need to be present as default... but the other are dependent on the type of connection and activities that RFC is going to perform. As a default, S_RFC, S_RFCACL, S_TABU_DIS (optional) are required.
If you check the following notes, you will be understand the requirement of idealizing the Task in which the RFC is going to be involved.
[ Note 338537 - RFC user authoriz. for data exchange R/3 back end <-> CRM|https://service.sap.com/sap/support/notes/338537]
Similarly if it is going to use for IDoc processing: [Note 325361 - IDoc processing authorizations|https://service.sap.com/sap/support/notes/325361]
[Note 412309 - Authorization profile RFC user for IPC|https://service.sap.com/sap/support/notes/412309]
Regards,
Dipanjan
08-13-2009 12:15 PM
> while defining RFC you should use user of type System which can't be used for Dialog (Interactive) Login and hence there is no harm in providing SAP_ALL & SAP_NEW.
So, if they cannot login and SAP_ALL is harmless - then what does one need these users for and why do they need authorizations at all?
Sorry, but it is sometimes quite easy to logon to the system with these users and do anything you want to with them, only that initially you cannot login via the SAPGui logon page and an RFC call will not attach an external SAPGui session to the login.
Additionally, as these users would have user administration authorizations by design, it might also be advisable to protect the client side of the RFC call, using object S_ICF. That is what I do.
Cheers,
Julius