08-20-2009 2:42 PM
I have created a system user and assigned it to the necessary RFCs in our DEV system. The RFCs are used to ALE data between our DEV, QAS, and PRD systems. If I assign profile B_ALE_ALL to the user in the receiving system I do not get IDOCS created in our QAS system. If I assign SAP_ALL to the user I do get IDOC's created in QAS. Can anybody recommend another role to assign. Or a method to troubleshoot this authorization error. I want to limit this system user in the receiving system to creation of IDOCs only.
Thanks in Advance, Jay
08-20-2009 2:45 PM
Hi,
Try profile S_IDOC_ALL All authorizations for IDoc functions
Regards,
Gowrinadh
08-20-2009 2:45 PM
Hi,
Try profile S_IDOC_ALL All authorizations for IDoc functions
Regards,
Gowrinadh
08-20-2009 2:47 PM
> The RFCs are used to ALE data between our DEV, QAS, and PRD systems.
This is seldom a good idea...
08-20-2009 3:09 PM
08-20-2009 3:17 PM
Hi,
Then I recommend to give sap_all and trace the user in QAS system. Once the data transfers are complete, please anaylyze the trace and see what authorizations it requires. Now build a role with this authorizaiton and remove sap_all.
Since you are transferring applicaiton data, the programs might also check that access as well.
Regards,
Gowrinadh
08-20-2009 4:18 PM
This is now solved. We used a combination of profile B_ALE_ALL and another custom profile with authorization object S_RFC.
Thanks for the assistance.