cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization needed to invoke Webservices on WAS640

Former Member

on ‎01-10-2008 4:52 PM

0 Kudos

Hi

We have a ECC 5.0 box that is based on WAS640. We created a Webservice definition on the ECC5.0 box based on a XI message interface endpoint and we released the webservice for SOAP runtime.

When we try to invoke the webservice from a SOAP client - I get the following response

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">

<soap-env:Body>

<soap-env:Fault>

<faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>

<faultstring xml:lang="e">Authority check failed</faultstring>

</soap-env:Fault>

</soap-env:Body>

</soap-env:Envelope>

There is a single role for the userid that is used by the SOAP client to consume the webservice on R3 - SAP_XI_APPL_SERV_USER .

What role am I missing for the webservice user - inorder to fix this problem

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎01-10-2008 5:06 PM
0 Kudos

Hi !

Your scenario is SOAP->XI->IDOC/RFC/PROXY ? I mean, you published a webservice in XI (not in ECC) to allow access to a ECC process. And then use another type of connection (IDOC/RFC/Abap Proxy) to connect XI to ECC. Is that right?

If yes, you should have 2 users, one that is used in every soap client to connect to XI, that should be an XI user with role SAP_XI_APPL_SERV_USER. then another user, created in ECC that should be used in XI to connect to ECC depending on the type of connection.

Regards,

Matias.

Show replies
Show replies
Former Member
‎01-10-2008 5:09 PM
0 Kudos

Matias

My scenario does not involve XI at runtime

Webservice is exposed directly out of the R3 box - it just user Xi message interface and the proxy implementation for the webservice response.

Now I am invoking this webservice that is on the R3 box from a SOAP client tool. What are the credentials required for the user on R3 that is used by the SOAP client tool ?

Former Member
‎01-10-2008 5:21 PM
0 Kudos

Hi !

Try a user with the S_SERVICE authorization in ECC.

From

https://wwwn.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/5028218f-7f55-2a10-3396-e075665...

Accessing SAP functions via Web services follows the standard SAP authorization concept.

This concept is based on authorizations for specific authorization objects. The system checks

for the required authorization for an authorization object during the execution of a Web

service. If a user does not have this authorization, the execution is terminated, and an error

message is returned.

SAP ERP ES uses the standard authorization objects that are available for mySAP ERP,

including authorization default values for Web services. In addition, you need the

authorization S_SERVICE to start external services. To create and consume Web services,

you require the authorizations belonging to the role SAP_BC_WEBSERVICE_ADMIN as well

as authorization for the Internet Communication Framework (S_ICF_ADMIN).

For more information about authorizations for Web services, see the SAP NetWeaver

documentation at help.sap.com ® SAP NetWeaver ® SAP NetWeaver 2004s ® SAP

NetWeaver Developer’s Guide ® Fundamentals ® Using Java ® Core Development Tasks

® Providing and Consuming Web Services ® Web Service Toolset ® Web Services Security

® Authorization.

Regards,

Matias.

Edited by: Matias Denker on Jan 10, 2008 2:27 PM

Former Member
‎01-10-2008 5:52 PM
0 Kudos

Thanks Matias. I will try this and get back to you. Points awarded

aashish_sinha
Active Contributor
‎01-10-2008 5:05 PM
0 Kudos

Hi,

Try these authorizations..

SAP_XI_DEVELOPER (Composite)

SAP_SLD_DEVELOPER

SAP_XI_DEMOAPP

SAP_XI_DEVELOPER_ABAP

SAP_XI_DEVELOPER_J2EE

and also refer to http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm

I hope this will help you.

Regards

Aashish Sinha

PS : reward points if helpful

Show replies
Show replies
VijayKonam
Active Contributor
‎01-10-2008 4:59 PM
0 Kudos

Hi,

are you using SOAP adapter between ECC and XI? I think PROXY, RFC or IDoc are the best adapters for communicatiob between SAP systems.

Someone correct me if was wrong..!!

VJ

Show replies
Show replies
Former Member
‎01-10-2008 5:02 PM
0 Kudos

Hi

Just to clarify , XI is not involved in runtime in my scenario .

R3 WS <----

consume WS from external SOAP tool.

I have an authorization issue wrt this.

Ask a Question