Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorisations for a user in SM59

Go to solution
Former Member

‎08-12-2009 3:09 PM

0 Kudos

Hi,

I am in the process of configuring a SM59 ABAP connection between two systems say A and B

I have created user id in the System A and B

I wanted to know teh roles and authorisations, to be present for a user to be used in SM59 ABAP Connection

I dont want to give SAP_ALL(System User)

I wanted this RFC connection to be used for CUA Configuraiton

Please help

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎08-12-2009 9:40 PM

0 Kudos

Check the Note 492589 - CUA: Minimum authorizations for communication users

Regards,

Pavan

3 REPLIES 3

Go to solution
Former Member

‎08-12-2009 9:40 PM

0 Kudos

Check the Note 492589 - CUA: Minimum authorizations for communication users

Regards,

Pavan

Go to solution
sdipanjan
Active Contributor

‎08-13-2009 11:16 AM

0 Kudos

while defining RFC you should use user of type System which can't be used for Dialog (Interactive) Login and hence there is no harm in providing SAP_ALL & SAP_NEW.

If you want to define your own role still, then I would say there are few specific Objects need to be present as default... but the other are dependent on the type of connection and activities that RFC is going to perform. As a default, S_RFC, S_RFCACL, S_TABU_DIS (optional) are required.

If you check the following notes, you will be understand the requirement of idealizing the Task in which the RFC is going to be involved.

[ Note 338537 - RFC user authoriz. for data exchange R/3 back end <-> CRM|https://service.sap.com/sap/support/notes/338537]

Similarly if it is going to use for IDoc processing: [Note 325361 - IDoc processing authorizations|https://service.sap.com/sap/support/notes/325361]

[Note 412309 - Authorization profile RFC user for IPC|https://service.sap.com/sap/support/notes/412309]

Regards,

Dipanjan

Go to solution
Former Member
In response to sdipanjan

‎08-13-2009 12:15 PM

0 Kudos

> while defining RFC you should use user of type System which can't be used for Dialog (Interactive) Login and hence there is no harm in providing SAP_ALL & SAP_NEW.

So, if they cannot login and SAP_ALL is harmless - then what does one need these users for and why do they need authorizations at all?

Sorry, but it is sometimes quite easy to logon to the system with these users and do anything you want to with them, only that initially you cannot login via the SAPGui logon page and an RFC call will not attach an external SAPGui session to the login.

Additionally, as these users would have user administration authorizations by design, it might also be advisable to protect the client side of the RFC call, using object S_ICF. That is what I do.

Cheers,

Julius