02-23-2010 3:56 PM
Hi there,
Hopefully this is the related forum for this question. We have a scenario where we need an automated process to create users on one system and then create just the same account on a remote system with deactivated password.
How is this best handled in ABAP code where the system account info/password of the remote system is not listed in the abap code. Should a SM59 connection be created and then somehow this is referenced from abap code ?
Also, this will be a SM37 job stream running on the local server under one name running the job and in the code it should be using a different name (destination) for the remote connection to create the user.
I am a security person, not abaper. Input /best practice appreciated.
Thanks !
02-23-2010 9:01 PM
BAPI_USER_CREATE1 check this BAPI.
Similarly you can create a RFC in othe rsystem and call it from your system.
When iit create user id & password
Pass it to login.
I hope it will heps you
02-23-2010 9:35 PM
> I am a security person, not abaper. Input /best practice appreciated.
Actually this is a security question, so I have moved it to the security forum...
If the password is to be deactivated in the target system but not in the source ("master" system) then you can use several standard user provisioning mechanisms for this (CUA, GRC-CUP, IdM, UME configuration...) and configure the target system to deactivate the password itself. There are also several ways of achieving this, without any coding required necessarily.
The most obvious one which jumps to mind is RZ11 parameter login/password_change_for_SSO.
Alternately if your scenario is better suited to it, you can also use login/password_max_idle_initial.
Also see transaction RSUSR200.
Etc...
> Should a SM59 connection be created and then somehow this is referenced from abap code ?
No. It should be referenced from configuration of the application which calls the RFC connection, defined in SM59. You can also optionally use the "current user" setting and alternate authentication methods to (saved) passwords. This I would generally recommend.
Cheers,
Julius
Edited by: Julius Bussche on Feb 23, 2010 10:36 PM