
RFC User Type

Former Member
0 Kudos

Hi

Calling gurus.

When generating RFC users for the READ and TMW RFCs in Solution Manager, users get generated, and I know the user type is Communication user. However, should you be forced to create your own users to use within this RFC, would it be best to stick to the Communication user type, or could a System user type be used?

It is my understanding that logon via read rfc should not be allowed as it could be a security risk.

If I am on the wrong track, please enlighten me or point me towards a conclusive best practice regarding this.

Thanks in advance.

Accepted Solutions (0)

Answers (3)

Lluis
Active Contributor
0 Kudos

Hello again Paul,

1.-

In the same 2008 manual, "Activating the SAP EarlyWatch Alert on Solution Manager 7.0", you can see this on page 11:

...A working dialog connection such as *TRUSTED or LOGIN. Once the *BACK destination is created, these can be deleted again...

These prerequisites are needed for the creation of the RFC "_BACK" on the remote system, but for a remote call of sdccn the prerequisites on page 15 are not enough!!!

If you want to call sdccn remotely from Solution Manager, you need a dialog trusted connection.

I just tested this on our Solution Manager 5 minutes ago; you are invited to our Solution Manager if you want to check it.

-


2.-

What about this:

My question is: will SAP take these users into account for the "SAP Security user audit"?

Regards:

Luis

Lluis
Active Contributor
0 Kudos

Hello,

This is an interesting topic that we had some doubts about.

For the remote system connections, it is usually enough to use 4 RFCs: "read", "tmw", "trusted" and "login".

In our process for connecting a large number of customer systems, we considered that the best way is to use the first 3 RFCs; the login RFC forces you to manage a large number of passwords, which can expire over time.

On "read" and "tmw" we are using "communication" users.

For "trusted" rfc we need a "dialog" user.

The reason that we use a "dialog" user for trusted RFCs is that for remote management of sdccn, if you don't have a dialog user, you can call sdccn from Solution Manager, smsy or solution directory (dswp).

My question is: will SAP take these users into account for the "SAP Security user audit"?

thanks:

luis

Paul_Babier
Product and Topic Expert
0 Kudos

Hello,

Please look at Page 15

https://websmp206.sap-ag.de/~sapidb/011000358700001873212008E

Regards,

Paul

Paul_Babier
Product and Topic Expert
0 Kudos

Hello,

Typically, if you were creating your RFC manually, the RFC user should be of user type "Service"... it can also be "Communication".

The main reasoning is you want a user whose password will not be subject to aging (expiration).

This happens most frequently when the user Type "Dialog" is used. When the password expires, logon attempts fail.

RFCs tend to make many logons, so the password will lock quickly and the RFC logon will fail, rendering the RFC useless.

Additionally, RFC users do not need a dialog to log on; humans do.

There are other user types, but the only two types that should be used are:

1) Service

and

2) Communication

Regards,

Paul