Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to trace communication users in system & build a role

Go to solution
Former Member

‎11-26-2009 10:07 AM

0 Kudos

Hi all

I have a requirement in my compnay to create a role for communication users currently assigned to SAP_ALL

we have 20 communication id's & turning on trace is not feasible option due to the impact on system performance.

Plz let me know what is the approach i need to have inorder to find neccessary tcodes & objects into my role.

thank you in advance.

Best Regards

NaveenMurthy_

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎12-01-2009 6:12 AM

0 Kudos

Hi Naveen,

These are all communication users so if you are very concerned about perfomance, you can switch on the trace for an out of usage hours if the communication users will also be performing their set tasks during this time. You can not get your way out from using the trace.

@ Julius lets just stick to the questions raised. I cant help but agree with you on the lazy part but lets refrain from getting hyper about the offshore types.

Best Wishes,

Chinmaya

Edited by: chinmaya prakash on Dec 1, 2009 7:13 AM

11 REPLIES 11

Go to solution
former_member251938
Explorer

‎11-26-2009 11:02 AM

0 Kudos

Hi Naveen,

you have to trace the authorizations properly using ST01. To make it easier, there's a nice post on SDN by Frank Buchholz with an example report that helps you building roles from the trace data. You can find it here:

Blog: /people/frank.buchholz/blog/2009/11/16/show-st01-authorization-trace

Report: https://wiki.sdn.sap.com/wiki/display/Snippets/Show%20ST01%20authorization%20trace

Regards,

Birger

Go to solution
Former Member

‎11-30-2009 9:12 AM

0 Kudos

Hi Naveen,

Yes, Activating trace will effect the system performance. If it is possible to simulate all in QA ssytem, then try this in QA system and execute the authorization trace and create role accordingly. If this is not possible, then take trace one by one communication ids. And do the trace on for limited time and only when it will be used. This will not effect system performace.

Regards,

Sandip

Go to solution
Former Member

‎11-30-2009 10:43 PM

0 Kudos

Actually, I have done this many times and made some contributions to the wiki about the same. If you are less lazy then you will find it easily in the wiki.

Probably it is just some (yet another) customer requirement which you cannot fullfill (like your other questions).

This is an area which "beginners" are very welcome to, and I will gladly help them... but it is not for lazy fools or (to be honest) offshore "we can do everything you want" type solutions.

This is no judgement against you, but you don't stick around for long enough to understand it and are too far away from the customer "reality" it seems? That you cannot close your SDN questions is just a very small symptom of this...

> Total Questions: 6 (6 unresolved)

Just being honest...

Julius

Go to solution
Former Member

‎12-01-2009 6:12 AM

0 Kudos

Hi Naveen,

These are all communication users so if you are very concerned about perfomance, you can switch on the trace for an out of usage hours if the communication users will also be performing their set tasks during this time. You can not get your way out from using the trace.

@ Julius lets just stick to the questions raised. I cant help but agree with you on the lazy part but lets refrain from getting hyper about the offshore types.

Best Wishes,

Chinmaya

Edited by: chinmaya prakash on Dec 1, 2009 7:13 AM

Go to solution
Former Member
In response to Former Member

‎12-01-2009 9:09 AM

0 Kudos

What I meant is that good "housekeeping" and securing of these sensitive RFC connections is hard to do properly if you are "far away" from them.

Go figure why SAP delivers many of their connection wizards with SAP_ALL... they don't know either what the customer will be using and which data will be transfered and when you might need to temporarily debug the connection or when someone will try to use an existing connection for a new application without thinking about developing a new role to go with it, or which checks an SP might introduce which then pop up as a problem in a remote program or system, etc.

Really, it is not an easy thing to do properly (both technically and procedurally) and the further you are away from it, the more hassle it will be.

No inflamatory hype intended toward any specific type or location of "offshoring".

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎12-01-2009 9:41 AM

0 Kudos

Hi Julius,

I think I may owe you an apology. Your initial post didnu2019t sound that polite :). Please feel free to edit/delete my posts regarding this.

Regards,

Chinmaya

Go to solution
Former Member
In response to Former Member

‎12-01-2009 11:14 AM

0 Kudos

Hi Chinmaya,

No, it's fine and no need to apologize. My initial post was not specifically intended to be polite...

Lets wait for Naveen to read the forum rules and follow-up on the questions which other people have helped him with.

Cheers,

Julius

Go to solution
Former Member

‎12-02-2009 4:43 AM

0 Kudos

Hi

Julius - thanks you for calling me Lazy but you should know - i always do a serach first in SDN & google & then post my comments - when i don't have a post relevant to my question,

Chinmaya - thanks for upholding the Outsourcing thing - i don't want to comment more on this.

More inputs on my topic - i have now got the solution using ST03N where i got the report of fucntion module names which were used by Communication users & then i found the corresponding fucntion group names & created my role.

thanks again for valuable comments.

Best Regards

NaveenMurthy_

Go to solution
Former Member
In response to Former Member

‎12-02-2009 7:24 AM

0 Kudos

Please understand that when someone asks questions which others help them with and then just leave them hanging unresolved then it does give a lazy impression. When the person then still launches the next question on top of that then you should expect some resistance or face being ignored by some others.

Take care in ST03N as there are 4 types of RFC profiles which are needed. Depending on your system configuration, you will only need a filtered subset of one of them, or as much as all 4 of them if your customer is using client side groups to protect the destinations (this is very effective and I can strongly recommend it).

Cheers,

Julius

Go to solution
sdipanjan
Active Contributor
In response to Former Member

‎12-02-2009 5:33 PM

0 Kudos

After all, you should not create Users with type "Communication" for your customer side requirements. This type is basically to serve the SAP defined / provided applications. For customer requirements, you need to select the user type as "SYSTEM" instead.

Regards,

Dipanjan

Go to solution
Former Member
In response to Former Member

‎12-02-2009 9:16 PM

0 Kudos

> This type is basically to serve the SAP defined / provided applications. For customer requirements, you need to select the user type as "SYSTEM" instead.

If you check SAP notes you will see that they also correct them to SYSTEM, or alternately to SERVICE.

You can also keep an eye out in ST22 for dumps classed as DYNPRO_SEND_INBACKGROUND...

Cheers,

Julius