on 11-28-2006 9:22 PM
Hi,
We need to solve the following issue:
We are developping a generic sync application in synchronous mode , it means, our application use generic syncronization to
comunicate with backend R/3 in synchronous mode and this is an indispensable requirement.
We use a table called 'BWAFMAPP' to specify with functions we use and the table called 'MEMAPPDEST' to indicate with RFC
destination is used by each function.
This method make us to use only one RFC user to connect with backend regardless of the user who starts the syncronization.
We'll try to explain the process of generic syncronization in more detail:
Step 1, The user logins into the application and after completes his daily job, starts the generic syncronization.
Step 2, During this syncronization, it logins with MI server with this same user (we can call him 'login user').
step 3, MI server searchs the function and rfc destination that the user need to connect with backend in tables mentioned
above
step 4, Mi server use the RFC user in rfc destination found to connect with R/3 backend
We need to change this last step because we must control the 'login' user`s roles and permission, and not, the rfc user's
permission.
The question is:
There are any way to login with R/3 backend with the same user that syncronization process use to login with MI server? or
We can connect directly with R/3 system from pda application?
Please, We need to solve this issue as soon as possible because it's very important for us to control user's permissions and
until now the only solution we has is to check manually all the authorization objects.
Thanks in advance and best regards,
Satur
Hi Satur,
if the pda logon user exists in the backend you can setup the rfc destination to use trusted system setup.
BTW: To use that you have to do synchronous Sync, if asynchronous sync is used the call to the backend will betriggered by a job and so by a technical user instead of the sync user.
Rgds Thomas
Message was edited by:
Thomas Heisner
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Thomas and Laziz,
Thank you very much for your solution , it's just we were looking for and it works perfectly.
Best Regards,
Satur
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Satur,
Yes, suggestion made by Thomas fits your requirements perfectly.
End users have to logon to MI client with their own SAP user accounts (similar to what is setup for them in R/3 backend). Through appropriate roles and profiles you'll be able to restrict their access to backend data / functions and control it easily.
RFC connection between MI server and R/3 backend has to use Trusted connection. And in SM59 you have to specify that end users will use their own user accounts for authentication purpose. Also, ensure that your users' profile includes S_RFCACL authorisation object.
This solution works perfectly in our environment.
Best regards,
Laziz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.