JCO connection for the metadata - account permissions????
This is our first try at adaptive RFC and I'm trying to instruct our security people to set up a user account for jco metadata and have forwarded lots of excerpts from docs like ESS setup, etc., and generally that this user needs access to a all DDIC function modules. Our security people aren't getting it, and I can find nothing specific in an documents I find on specifically how to set up that account, and don't want to give SAP_ALL.
Any help is appreciated.
Joseph Zeinoun replied
You are correct regarding the JCO destination metadata setup, and you can check the official SAP documentation for <a href="http://help.sap.com/saphelp_nw04/helpdata/en/3a/3b1b40fcdd8f5ce10000000a155106/frameset.htm">SAP JCO Destination Setup</a> (see section 5 for user authentication requirements)
Bottom line, you have to set up a user type 'System' (no dialog authorization) in the back end, and its authorizations must be set so that this user <u>can access all DDIC function modules</u>.
I would suggest that you either try to:
- Determine with your security group a new authorization profile that would allow a new system user to access all required DDIC modules
- Check user 'SAPJSF' with role 'SAP_BC_JSF_COMMUNICATION' (if possible/compatible with your environment), and test if you can execute your application with this user initially.
If successful, then ask your security group to create a new system user, copy & customize the role 'SAP_BC_JSF_COMMUNICATION' and assign it to your new user so you can assign it for the JCO destination METADATA authentication configuration section.
Message was edited by: