on 06-02-2010 1:44 AM
I have a interface PI to access a SAP RFC, and the user / password to RFC was defined as a PI parameter. This makes that SAP transaction log register this fixed user defined in PI parameter, and I need register in SAP transaction LOG the user used in a Non SAP application instead the user in PI parameter.
I need garantee that user in a NON SAP Application has autorization to access the RFC, and the records written by SAP has this user identifier.
How can I do this?
Hi Paulo,
I think these three notes could be relevant to you:
#999962 - PI 7.10: Change passwords of PI service users
#974873 - Principal Propagation
#730870 - FAQ XI 3.0/ PI 7.0/ PI 7.1/ PI 7.11/ PI 7.2 RFC Adapter
Check them and remember that the password for all the service users
in PI has to be the same, so the first note will help you on that.
Regards,
Caio Cagnani
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
check those guides about principle propagation:
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/808d3048-638c-2a10-35a6-faa48e50ad59
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/50d07121-07a5-2c10-5280-a081de9b851c
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Paulo,
If I understood your question correctly, this is your scenario:
Non-SAP app --> SAP PI --> SAP ECC
Whatever User you defined in the PI RFC receiver comm. channel to ECC that will be the User logged in the transaction. Just make sure that this User has the appropriate authorizations in ECC to execute the RFC.
You only need to worry about how the Non-SAP app connects to SAP PI.
If you really need to change the User that is logged in the transaction, you will need to modify the RFC/BAPI in ECC.
Regards,
Glenn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Glenn.
You understood the scenario.
No sap -> PI > RFC.
The connection using login defined in PI (User / Password) is working correctly.
But, I need to know how to connect the RFC using the NON SAP login not the login in PI parameter.
I have SOX audit and can not use generic login, each login needs belong to a person.
regards.
Paulo.
Hi Paulo,
Any User that you connect to ECC with has to exist in ECC. Therefore, all your Non-SAP app users have to be created in ECC if you want to use them in your comm. channels.
Assuming these Users are only a few, you can create separate Business Services with RFC Receiver Comm. Channels for each one of these Users. Use conditional routing to check the payload for the Non-sap username then assign it to the appropriate Business Service.
It's a little drastic, but it will work.
Otherwise, you can modify the inbound RFC/BAPI abap code in ECC to overwrite the username based on the value in the message.
Regards,
Glenn
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.