07-05-2007 10:06 AM
Hi,
we have a problem with the Authorization when we use an Web Interface for BSP. We have assigned all roles to the user which were mentioned in the SAP standard documentation:
R_AREA
R_METHOD
R_PACKAGE
R_PARAM
R_PLEVEL
R_PM_NAME
R_PROFILE
R_STS_PT
R_STS_SUP
R_WEBITF
S_RS_ADMWB
S_RS_AUTH
S_RS_COMP
S_RS_COMP1
S_RS_DAS
S_RS_ICUBE
but we still get the error message: "Error while calling RFC".
When using a user with SAP_ALL, it works.
What can we do?
Thx for your time.
Joerg
07-05-2007 11:58 AM
Actually that's surprising - because BSP (Business Server Pages) and RFC (Remote Function Call) are not related; they use totally different transport protocols (http vs. RFC). Even if an BSP application is calling a function module remotely (acting as RFC client) no authorizations for S_RFC are required - in the calling system (but in the called system, i.e. the RFC server).
Since assigning SAP_ALL seems to "cure" the problem, it seems to be an authorization issue, indeed. In that case it makes sense to use the authorization trace (ST01 - notice: that's specific to one single ABAP application server; you might have to activate the trace on multiple instances) to find out which authorizations are checked / demanded.
07-05-2007 10:18 AM
sounds like it could be missing auth object S_RFC.
Add the object with full auths and stick a trace on the user (ST01) to ID exactly what functions are required & amend the role to suit.
07-05-2007 10:46 AM
That is correct, on the target system you need s_rfc with in
RFC_TYPE = 'FUGR'
RFC_NAME the name of the function group
ACTVT = '16'
for each function group you want to be able to execute remotely.
07-05-2007 11:51 AM
No, thats in.
S:A:RFC
Activity All activities
Name of RFC to be protected *
Type of RFC object to be prote All values
07-05-2007 11:57 AM
ok, next idea then. Have you tried switching on a trace for the user when you have assigned SAP_ALL?
07-05-2007 11:58 AM
Actually that's surprising - because BSP (Business Server Pages) and RFC (Remote Function Call) are not related; they use totally different transport protocols (http vs. RFC). Even if an BSP application is calling a function module remotely (acting as RFC client) no authorizations for S_RFC are required - in the calling system (but in the called system, i.e. the RFC server).
Since assigning SAP_ALL seems to "cure" the problem, it seems to be an authorization issue, indeed. In that case it makes sense to use the authorization trace (ST01 - notice: that's specific to one single ABAP application server; you might have to activate the trace on multiple instances) to find out which authorizations are checked / demanded.
07-05-2007 1:26 PM
Reason was the Autorization Object S_RS_ICUBE, there you need the InfoCube Subobject DEFINITION. Otherwise you get that error...
Thank for your Help