08-25-2015 6:30 AM
Hello All,
I am facing an Error ' no rfc authorization for function module get_system_name ' while trying to create a Single role in NWBC in AC 10.1
This error is being popped up when I am clicking on ' Maintain Authorizations ' tab.
Can anyone please help me out with the Authorizations which are to be provided to avoid such an error.
Please suggest.
Regards,
Rahul Muni
08-25-2015 6:57 AM
08-25-2015 6:38 AM
Hi,
Check SU53 t-code for missing auth. object and by using SUIM check the relavent role and assign the role to the user id for which you're getting RFC issue.
Hope this will help you to resolve your issue.
Thanks
KH
08-25-2015 6:43 AM
Hello Rahul,
Please assign SAP_S_RFCACL role to the user id and check again.
Regards
Anand
08-25-2015 6:55 AM
Hello Anand,
Thank you for your input.
Can you please tell me , what are the authorizations which are missing because of which I am getting such an error..?
And how will role SAP_S_RFCACL help me in resolving this error ?
Regards,
Rahul Muni
08-25-2015 6:57 AM
08-25-2015 6:59 AM
Hello Prasant,
Can you please specify which authorizations to be assigned ?
Regards,
Rahul Muni
08-25-2015 7:04 AM
S_RFC
Manually Authorization Check for RFC Access S_RFC
Manually Authorization Check for RFC Access
Activity 16 ACTVT
Name of RFC to be protected * RFC_NAME
Type of RFC object to be prote FUGR, FUNC RFC_TYPE
Regards,
Prasant
08-25-2015 1:04 PM
Are you still getting error after adding authorization object.
Regards,
Prasant
08-26-2015 7:48 AM
Hello Prasant,
It worked... Thanks for your valuable input buddy ...!
Regards,
Rahul Muni
08-26-2015 11:18 AM
HI Rahul
S_RFC is the answer but I don't recommend putting asterisk in
When you build your PFCG role you can add the function module to the menu and then leverage SU24. It will automatically bring in the correct S_RFC values and let you know why they are in the role (shows as standard instead of manual object)
Regards
Colleen
08-26-2015 11:38 AM
Hello Colleen,
It my Fault.
there so so many function module called
which can only be found using trace on target system.
Regards,
Prasant
08-26-2015 12:03 PM
all good
I find easiest way is to run a trace with the user with S_RFC asterisk. Run this in STAUTHTRACE so that it's in ALV format.
You can then get every RFC function module under the program. You will probably only see the S_RFC FUGR values instead of FUNC as it's checked first.
Build you PFCG by adding those into PFCG and the two S_RFCs will default in to authorisations - 1 will be deactivated which is the FUGR values whilst the FUNC values will remain.
Take of your S_RFC asterisk and then you can try again with the trace to see if any others are missing
It's a bit quicker than sifting through ST22 short dumps.
Once you get the function modules you can then analyse the trace files for other permissions and update SU24 for the function module
Think of it this way - we put all of the effort into implementing GRC. If you maintain SU24 properly then you get a better understanding as to why certain objects are in a role. Then, if SoD issues appear you can easily determine what impacts you have if you attempt to remove access.
Regards
Colleen
08-26-2015 1:07 PM
Hello Prasant,
If I want to find out the exact authorizations which are missing in a System User maintained within the RFC , then in which system shall we run the trace ... It is confusing me a lot...
Eg. : I am trying to generate roles in last part of BRM and I am facing a authorization issue.
Actually role will be getting generated in the Target system ( ECC ) through the particular RFC ( system user maintained within the RFC ) .
So in this case, if there are some authorization issues for the system user then how to find it out .?
Please suggest.
Regards,
Rahul
08-26-2015 1:38 PM
Target system you enable trace.
check SU53 for RFC user in target system
SU53 press F5 and select RFCUSER ID you can find the missing auth object aswell..
REgards,
Prasant
08-26-2015 1:55 PM
Hi Prasant and Rahul
Using SU53 is a slow way of identifying all of the issues. More than likely the exception hasn't been caught so you will see S_RFC failures in ST22.
As mentioned, In general, switch on STAUTHTRACE in the plug-in system (as that's where the call takes place)
SU53 won't help you much to switch user as it's written to logs instead of USR07 now. STAUTHTRACE will get you all the failures. Again, as I mentioned, you can elevate some of the authorisations (e.g. put S_RFC with ACTVT for FUNC but asterisk for function module or put S_USER* objects as asterisk). In doing this, the replication/job will succeed and then you can use your trace to reduce the values and remove your asterisk.
Regards
Colleen