cancel
Showing results for 
Search instead for 
Did you mean: 

Missing authorization for SYST or RFCPING

Former Member
0 Kudos

Hi,

We're trying to create a transport route between two of our ECC systems to move functional modules from one system to the other. However we get an error and we've found a SAP note to resolve this issue, however I don't understand how to implement this SAP note.

Could someone please help me with a step by step guide to implementing note 1108662,

Add the function group SYST to the RFC authorization. Add the function group "SYST" to the default role SAP_BC_WEBSERVICE_SERVICE_USER in the authorizations for "Cross-application Authorization Objects" in the area "Authorization Check for RFC Access" and the object "Name of RFC object to be protected" and save and activate this role. You should then execute a user comparison for this role.

Thank you very much for your time and help.

Regards

Jing Jing Tao

Accepted Solutions (1)

Accepted Solutions (1)

ahmed_ibrahim2
Active Participant

Hi Jing ,

Implementing the S-note is simple,  as it is mentioned  in that SAP note, it is required to add the mentioned   function group "SYST" to the default role SAP_BC_WEBSERVICE_SERVICE_USER in the Area of AAAB

kindly follow the procedure below

1 - Run  "PFCG"  t-code  "Role Maintenance"

2 - Enter the Role Name mentioned in the S-note "SAP_BC_WEBSERVICE_SERVICE_USER"

3 - Click "EDIT " button -- pen Icon

4  - Click "Authorization" tab

5  -  in the maintain authorization and data Area --end of the page -- click "Expert mode for profile generation "

6  - the authorization maintenance page will appear

7 - Expand the "Cross-application Authorization Objects" area  -- AAAB --

8 - expand the authorization object "S_RFC"

9 - edit the field "RFC_NAME" by adding the required function group "SYST", also make sure the filed "RFC_TYPE" containing the value "FUGR"

for more information about that AUTH OBJ check the following Link

http://help.sap.com/saphelp_nw04/helpdata/en/60/305140c770cd01e10000000a155106/content.htm

click Save

click Generate

10- make sure that Role is assigned to the service user used for the communication

kindly post the Error you face

Best Regards

Ahmed 

Former Member
0 Kudos

Hi Ahmed,

Thank you very much for your steps, although it seems to be already set up, I assigned the role to the user creating the transport route, do we need to recreated the transport route?

I've also screenshots of the error.

Regards

Jing Jing Tao

Pavel_Lobach
Participant
0 Kudos

In my case it wasn't enough to just Add the role or an authorization object. You can use syst trace or su53 transaction for your RFC user to find all missing authrizations.

Answers (4)

Answers (4)

shindead1
Participant
0 Kudos

please follow below steps to fix the error,

1. you will find RFC_NO_AUTHORITY dump is ST22. please read this dump and identify the object name for which TMSADM user dont have authorization.

2. Go to SU02, and provide profile name s_a.tmsadm and enter.\\

3. Now double click on S_RFC object, from this screen select "Name of RFC to be protected" and click on "Maintain values"

4. here provide the object name as per dump of #step1.

5. save and activate. it will fix your error.

Former Member
0 Kudos

Check this:

Former Member
0 Kudos

Hi All,

Thank you for your replies, I've posted screenshots of the issue.

Regards

Jing Jing Tao

Reagan
Advisor
Advisor
0 Kudos

Else try to add the profile S_A.SYSTEM to the user and see if the helps

Did you try this ?

Regards

RB

Former Member
0 Kudos

Hi,

Please check the below note if applicable.

Note 1298927 - SYSTEM_ACCESS_DENIED when creating/deleting TMS domain link

Note 1783740 - Read access to domain controller allowed too soon

Another thing i would suggest you to implement these note if applicable.

Delete the TMS config and reconfigure it again . As two system so will not take more time.

Thanks

Rishi Abrol

Former Member
0 Kudos

Hi Reagan,

Thank you for your replies, yes I just added that profile too and now we need to recreate the transport route?

Regards

Jing Jing Tao

Reagan
Advisor
Advisor
0 Kudos

You don't need to configure the transport route if the TMS is already configured.

I suggest you to perform an authorisation test for all the TMSADM@CST.DOMAIN RFC's on all systems.

Regards

RB

ahmed_ibrahim2
Active Participant
0 Kudos

Dear Jing ,

can you make sure that the "hosts" file in OS Level is implemented correctly according to your OS

if your OS is Linux, find that file in the following Directory

/etc/hosts

if windows

C:\WINDOWS\system32\drivers\etc/hosts

modify the hosts file in all your system

example

again go to T-code SM59

and test connection for the following RFC

TMSADM@CST.DOMAIN RFC's

and make sure the user used TMSADM

thanks

AHmed

Sriram2009
Active Contributor
0 Kudos

Hi Jing

Kindly refer the SAP KBA  1888279  - RFC communications error with system/destination

Thanks

Sriram

Reagan
Advisor
Advisor
0 Kudos

Hello

The SAP_BC_WEBSERVICE_SERVICE_USER is a role. Check in Tx SU01 - username - Role table

The soultion in the note is to add the function group "SYST" to the role SAP_BC_WEBSERVICE_SERVICE_USER and then activate it.

First check whether the system is below the BASIS level mentioned in the note.

If not just add the role and see if that helps.

Else try to add the profile S_A.SYSTEM to the user and see if the helps.

Regards

RB

Former Member
0 Kudos

Hi,

can you please share the error.

So you are trying to create transport route between two ECC system.

Are you doing this in Domain controller.

Which is the user id you are using. Why dont you use DDIC and ask BASIS to do it.

Thanks

Rishi abrol