
SLT connection to ECC: Security Question

Former Member
0 Kudos

We are having some challenges getting the connection to work between SLT and the ECC development environment. Some documentation states that the USERID created on ECC should be type SYSTEM or DIALOG. However, others suggest that it should be type DIALOG. We are getting authorization errors on the RFC connection in SLT when the user type is SYSTEM, but it seems to work as DIALOG.

Does this make sense to anyone? Why would it matter? Could it be password related if the SYSTEM user has an initial password?

Thanks!
AZ

Accepted Solutions (1)

Former Member
0 Kudos

I wanted to update this as we have slightly more information - but still have more questions than answers.

In one system (a sandbox which is a copy of dev from 2 months ago) the connection works fine as a system user with a productive password and the SAP delivered role assigned.

In dev, however, we get authorization errors when trying to save the RFC connection in SLT. By reviewing the dumps in ST22 in dev, we can see that the user doesn't have access to function group SVRW on auth object S_RFC. So we added that value to the auth object (even though it doesn't exist in the role in the sandbox) and we got to a new auth error in ST22. Now it doesn't have access to function group SDBADIAG on auth object S_RFC.

This is where we've stopped. I suppose we can continue adding function groups to the role, but who knows how long that chain is. Also, the standard role works fine in the sandbox, so needing to add all these function groups to the role in dev doesn't make much sense. Can anyone help point us to where the problem might be and what else we can check?

justin_molenaur2
Contributor
0 Kudos

Adam, all I have is the security and SLT installation guide and that seemed to work fine on current sidecar setup. Sounds silly, but are you sure the SLT user and ECC user have the proper roles (in ECC need to generate via PFCG)?

If you still have problems after following the install/security guides, I would go ahead and open an OSS message with your findings, this will help get things moving.

Is the version/config exactly the same between your sandbox environment (that works) and the dev environment? Any way to double check and see what is different?

Regards,

Justin

Former Member
0 Kudos

Just to update this:

We customized the standard role to add SVRW and SDBA* to the function group authorizations list and now are able to connect without issue.
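
Added example, not part of the original thread and not SAP code: a small Python check of which function groups named in the ST22 dumps are covered by a role's S_RFC `RFC_NAME` values, which values differ between two copies of the role, and which values are wildcards. The `PLACEHOLDER_*` values are constructed stand-ins for the delivered role's contents, which the thread does not list; only exact and trailing-`*` values are modelled, not ranges.

```python
"""Check which RFC function groups an S_RFC value list covers (added example)."""


def covers(value: str, name: str) -> bool:
    """True if one RFC_NAME authorization value covers a function group name.

    Handles exact values and trailing-* generic values; ranges are not modelled.
    """
    if value.endswith("*"):
        return name.startswith(value[:-1])
    return value == name


def missing_groups(rfc_names: set[str], called: list[str]) -> list[str]:
    """Function groups from the ST22 dumps that no role value covers."""
    return sorted(g for g in set(called)
                  if not any(covers(v, g) for v in rfc_names))


def role_diff(a: set[str], b: set[str]) -> tuple[list[str], list[str]]:
    """Values only in a and only in b, for comparing the role across systems."""
    return sorted(a - b), sorted(b - a)


def generic_values(rfc_names: set[str]) -> list[str]:
    """Wildcard values, which grant every function group sharing the prefix."""
    return sorted(v for v in rfc_names if v.endswith("*"))


# Constructed sample data. PLACEHOLDER_* stand in for the delivered role's real
# values, which the thread does not list.
DELIVERED = {"PLACEHOLDER_FG_A", "PLACEHOLDER_FG_B"}
CUSTOMIZED = DELIVERED | {"SVRW", "SDBA*"}   # the change reported in the thread
DENIED_IN_ST22 = ["SVRW", "SDBADIAG"]        # function groups named in the dumps

if __name__ == "__main__":
    print("missing with delivered role: ", missing_groups(DELIVERED, DENIED_IN_ST22))
    print("missing with customized role:", missing_groups(CUSTOMIZED, DENIED_IN_ST22))
    print("added in customized role:    ", role_diff(CUSTOMIZED, DELIVERED)[0])
    print("wildcard grants to review:   ", generic_values(CUSTOMIZED))
```

Running `role_diff` on the values exported from the working and the failing system shows exactly where the two copies of the role diverge, and `generic_values` lists the prefix grants such as `SDBA*` that a least-privilege review should look at.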

Answers (2)

Former Member
0 Kudos

Hi Adam,

I would suggest using a Service user in ECC rather than a Dialog or System user.

The role which you should assign to this user is SAP_IUUC_REPL_REMOTE, which is created automatically after your DMIS installation.

justin_molenaur2
Contributor
0 Kudos

I'm no expert in the BASIS portion of the show, but checking current client configuration tells me that the ECC user is of type SYSTEM. Are you 100% sure that the password is correct as defined in the RFC connection? You should be able to test through SM59 on SLT directly, which would tell you if there was a problem with the connection from SLT->ECC.

Otherwise, maybe the user you are logged in as doesn't have the authorization or the correct roles are not assigned in SLT?

Regards,

Justin