Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No authorization to log on to trusted system

Former Member

‎02-06-2008 9:54 AM

0 Kudos

Hi,

I want to create RFC Connection between the trusting/trested Sytems i.e QAS and PRD Systems. For that i have created authorization Z_RFCACL_QAS in Authorization Object of S_RFCACL.

Where i am unable to assign this authorization to User inorder to connection beween Systems.

Please help me out how to assign Z_RFCACL_QAS authorization to SAP*.

Regards,

Raj

Edited by: raj kumar on Feb 6, 2008 12:32 PM

8 REPLIES 8

Former Member

‎02-06-2008 11:51 AM

0 Kudos

Enter the profile Z_RFCACL_QAS on the tab page "Profile" using transaction SU01.

-Pinkle

Former Member

‎02-06-2008 7:45 PM

0 Kudos

as u said , u have created a role containing object S_RFCACL, u can assign it to the user in pfcg it self and do a role comparison or in su01 too.

but what i would suggest is instead of using sap* for RFC purpose, create a special communication user and assign the role to that user and user to the rfc connection.

Former Member
In response to Former Member

‎02-06-2008 8:48 PM

0 Kudos

Yes, I agree with "jet l.....i!" (hope I got your name right

It is anyway a questionable setup to have permanent RFC connections between QAS and PRD, and when so, you should ensure that the user ID for the connection has the absolute bare minimum of authorizations and require more authorizations for the user running the "interface" to logon to the target themselves to complete the task at hand.

Certainly DDIC or SAP* is per default a bad idea to use for this, and will not work (the system blocks it for good reasons).

Cheers,

Julius

Former Member

‎02-06-2008 9:39 PM

0 Kudos

Hi Jet l...i,

The Authorization Z_RFCACL_QAS which i create in SU03 Under the Authorization Object of S_RFCACL.

But i unable to assign this Authorization to either role through the PFCG or user in SU01.

Regards,

Raj.

Former Member
In response to Former Member

‎02-06-2008 10:59 PM

0 Kudos

1. Goto SU02 and create the profile

2. Assign the object "S_RFCACL"

3. Assign the authorization object "Z_RFCACL_QAS" to that object.

4. Finally assign this profile to user.

Hope this will help.

-Pinkle

Former Member
In response to Former Member

‎02-07-2008 6:06 AM

0 Kudos

raj kumar,

so u have created a profile and not role. what i would suggest is that, go to pfcg create a new role and insert the object manually to that role and assign the role to that user. u can assign an object with out a tcode in the role. this makes life easier and it worked for me.

try it

Former Member
In response to Former Member

‎02-08-2008 9:35 AM

0 Kudos

Hi,

there is this standard role provided by SAP for the trusted system purpose.

SAP_S_RFCACL . copy this as a zrole maintain the authorizations, generate the profile and assign this to the user.

Former Member

‎02-08-2008 12:21 PM

0 Kudos

Alternatively if you want to ensure that all users which have SAP_ALL have the trusted RFC access there is a switch in table PRGN_CUST:

ADD_S_RFCACL - NO (default), YES - Give full authorization S_RFCACL in the profile SAP_ALL

Although I agree with previous posts around using SAP_ALL or DDIC as your RFC users... not advisable.