on 03-11-2008 11:02 AM
Hi all,
I need to post idoc to SAP R/3 system from XI. I have done all the steps correctly. While creating RFC in XI system to connect to the R/3 system, intially I gave my R/3 username and password and tested teh connection. Everything was working fine but when I actually ran the scenario, IDOC was not getting posted in the R/3. But there was no error anywhere.
fianlly after debugging I fould it might be the issue of authorization the the R/3 user i used in the RFC. I then assigned SAP_ALL authorization to my user and posted the iodc again and it started working fine.
Can anyone please tell me what are th exact authorizations/role i need to assign to the r/3 used to use it in RFC and successfully posting the idoc? I dont want to use SAP_ALL authorization in my production environemnt.
Please help.
Regards,
Yash
Hi,
Even i had faced this problem. Whenever I tried to send IDOCs, i used to get an error in SM58, " No authorization to send IDOC of type DEBMDM".
When i got SAP_ALL it worked. However I raised a note with SAP asking for an alternative and this is the reply gave me.
************************************************************************
You can get good information on this topic in your online help files.
The following is taken from the document "General Security Measures
(ALE)":
Use the transaction SALE to maintain the ALE configuration, to include setting up the distribution model and setting up ALE user authorizations and profiles. Note the following:
- Be restrictive when assigning the ALE authorizations.
The authorization profile B_ALE_ALL contains the following
authorization objects that are needed for ALE:
Authorizations for ALE
Authorization Description
B_ALE_CGRP ALE Customizing Distribution: Group Activities
B_ALE_LSYS ALE/EDI: Maintaining logical systems
B_ALE_MAST ALE/EDI: Distributing master data
B_ALE_MODL ALE/EDI: Maintaining customer distribution model
B_ALE_RECV ALE/EDI: Receiving IDocs via RFC
B_ALE_REDU ALE/EDI: Generating messages (ex. reduction)
S_PROGRAM ABAP: Program run checks
S_TABU_DIS Table Maintenance (using standard tools such as SM30)
Protect external users and passwords.
For example, for a non-SAP system to send IDocs to a SAP System using transactional RFC, it must also send a SAP user ID and password.
In most cases, the user and password are stored outside of the SAP System. Make sure that this information is not accessible to external systems or programs. (How you can do this is dependent on the system that you have; therefore, you need to refer to the documentation for the system where the information is stored.)
************************************************************************
However, I feel assigining the profile S_IDOC_ALL should also be enough. Just try and see.
Regards,
Merrilly
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi.
SAP_ALL authorization is very common is this kind of users. As WF-BATCH user that has SAP_ALL authorization, yo must create a user that is going to be used by process in XI.
I normally use XIREMOTE so then, in R3 system i can find easily documents posted by XI.
This user must be defined as 'Service' user, so no one can do logon with it.
Inigo.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.