cancel
Showing results for 
Search instead for 
Did you mean: 

RFC destination role for the user

former_member187447
Participant
0 Kudos

Hi

I am trying to connect from PI to SCM. SCM has a user ID PIAPPLUSER created with role "SAP_XI_APPL_SERV_USER" and i am trying to use this user in PI sm59 under abap connections, but i am getting adapter error at the outbound side as seen in SXMB_MONI. Do we need to have any other role assigned to the user. FYI, If i use my user id which has SAP_ALL access the connection works good and the idoc gets processed successfully. So i suppose there should be some other role which is needed. Please suggest.

Accepted Solutions (1)

Accepted Solutions (1)

former_member184720
Active Contributor
0 Kudos

Hi Kalyan - You can refer to the below link

http://help.sap.com/saphelp_nw73ehp1/helpdata/en/78/44ac98ab764581a3b3c0b7d166e7e1/content.htm

The below authorization object might be missing.

former_member187447
Participant
0 Kudos

Hareesh,

I am still getting the same authorization issue in sm58 even after adding the new role B_ALE_RECV. I think it looks like the authorization to this particular IDOC that i am trying to send. Is there any other trace i can check?

former_member184720
Active Contributor
0 Kudos

can you share the screenshot? error message?

what is the user name you see in sm58 for that entry?

former_member184720
Active Contributor
0 Kudos

If you see the below thread

http://scn.sap.com/message/713228

For some reason, they had to delete and recreate the user inorder to work. May be can you try that?

former_member187447
Participant
0 Kudos
former_member184720
Active Contributor
0 Kudos

why it showing the user PIAFXD1?

It should be the user which you defined in RFC destination. Can you check which user you have configured in the RFC destination.

If it is PIAFXD1 then this user should have the access in ECC system to create the IDOC's


former_member187447
Participant
0 Kudos

you sure thats not the function call which is same for all the idocs but it should be the actual user that i am trying to use. Even i was wondering why it is so.

former_member184720
Active Contributor
0 Kudos

Hi Kalyan - Got to know something

You can refer to this thread - http://scn.sap.com/message/9547458

There is also an SAP note he mentioned. There are some additional authorization objects. May be you have a look into it.

former_member187447
Participant
0 Kudos

yeah seems like PIAFUSER is the valid thing that is showing up in sm58. Looks like we need to give SAP_ALL, need to check what the security team has to say about this. Thanks. Will get back once it works.

Answers (3)

Answers (3)

former_member187447
Participant
0 Kudos

The problem is solved by first having the SAP_ALL and checking to see what authorization objects are being used. The trace showed the following objects, so we did configure the following and also added all the IDOCs to the authorization project. the following link provided by Hareesh Gumpa was useful.

Destinations for Business Communication - SAP NetWeaver Process Integration Security Guide - SAP Lib...

former_member184720
Active Contributor
0 Kudos
Harish
Active Contributor
0 Kudos

Hi Kalyan,

you need to trace the user role requirment for the user.

the role SAP_XI_APPL_SERV_USER also includes the authorizations for executing the IDoc Adapter and the Plain HTTP Adapter. But you can try assigning the below role and do a authorization test from RFC destination.

SAP_BC_WEBSERVICE_PI_CFG_SRV

regards,

Harish

former_member187447
Participant
0 Kudos

Harish,

May i know how we can run the trace to see what authorization is missing for the IDOC i am sending

Harish
Active Contributor
0 Kudos

Hi Kalyan,

Please check the below links

Authorization trace for another user | SCN

Troubleshooting Authorization Problems (SAP Library - Authorizations in mySAP HR)

Authorization Trace in transaction ST01 - Product Lifecycle Management - SCN Wiki

Are you posting Z IDOC or standard IDOC? In case of Z IDOC you need addition access.

Regards,

Harish

former_member187447
Participant
0 Kudos

Harish,

Somehow the trace is not working, I am checking in PI by tunrning on the trace and running hte steps and then after i turn off the trace and check the analysis and execute with the user in question i dont see any records. I also checked in SM51 and there is only one server.

Harish
Active Contributor
0 Kudos

Hi Kalyan,

you need to trace in SAP system (ECC) for the user, because user is created in SAP.

Please also confirm if the user shown in screenshot "PA***" is used in RFC destination.

Regards,

Harish

former_member187447
Participant
0 Kudos

Harish,

I have done the trace in SAP system also only to see there are no records.