Solved: Need role/profile for ALE system user

Former Member · ‎08-20-2009

I have created a system user and assigned it to the necessary RFCs in our DEV system. The RFCs are used to ALE data between our DEV, QAS, and PRD systems. If I assign profile B_ALE_ALL to the user in the receiving system I do not get IDOCS created in our QAS system. If I assign SAP_ALL to the user I do get IDOC's created in QAS. Can anybody recommend another role to assign. Or a method to troubleshoot this authorization error. I want to limit this system user in the receiving system to creation of IDOCs only.

Thanks in Advance, Jay

Former Member · ‎08-20-2009

Hi,

Try profile S_IDOC_ALL All authorizations for IDoc functions

Regards,

Gowrinadh

Former Member · ‎08-20-2009

Hi,

Try profile S_IDOC_ALL All authorizations for IDoc functions

Regards,

Gowrinadh

Former Member · ‎08-20-2009

> The RFCs are used to ALE data between our DEV, QAS, and PRD systems.

This is seldom a good idea...

Former Member · ‎08-20-2009

I tried S_IDOC_ALL, but with no success. Thank you

Former Member · ‎08-20-2009

Hi,

Then I recommend to give sap_all and trace the user in QAS system. Once the data transfers are complete, please anaylyze the trace and see what authorizations it requires. Now build a role with this authorizaiton and remove sap_all.

Since you are transferring applicaiton data, the programs might also check that access as well.

Regards,

Gowrinadh

Former Member · ‎08-20-2009

This is now solved. We used a combination of profile B_ALE_ALL and another custom profile with authorization object S_RFC.

Thanks for the assistance.