04-02-2008 8:36 AM
Hi experts,
I have created a Web-Service which is running with HTTP actually.When i send the soap request message to SAP server, the response message of SAP server tell me 'FailedAuthentication', 'Authority check failed'. I don't know why like this.Who can tell me how to configure security for this scenario?
Thanks.
Kelvin
04-02-2008 9:01 AM
When defining Web addresses or file paths for authorization, you can specify variables,
which are defined in transaction .SM30_SSM_VAR.. You should then
enter the variables in upper case letters in angle brackets in the Web
address, such as: .<VARIABLE_NAME>.. When the Web address is
started, the variable is automatically replaced by the associated value.
04-02-2008 9:01 AM
you could do a trace (ST01) in order to find out what authorizations are missing, but my guess is that you should add the webservice you created to the S_SERVICE object in the profile of the user executing the service.
04-02-2008 9:51 AM
Hi Dimitri,
I agree your viewpoint.Can you tell me detailed about the profile of the user executing the service. I haven't related experience on this.
Thanks.
04-02-2008 10:11 AM
hi kelvin,
your testuser must have some kind of basic access in order to logon to your webservice, right?
my guess is that it's missing certain objects within his profile, most likely S_SERVICE.
if you add this object to a new or an existing role (assigned to your testuser) and add the webservice to the field SRV_NAME.
also define the type of service in the SRV_TYPE field in which you specify whether it's a BSP, webdynpro etc type of service.
hope this helps. good luck!
edit: also examine the trace and look for missing S_RFC authorizations
Edited by: Dimitri van Heumen on Apr 2, 2008 11:11 AM
04-02-2008 10:50 AM