06-15-2009 2:54 PM
Hi,
I created a program that calls transaction SPAD and adds/deletes printers from SAP (via BDC calls). We want the help desk to execute this new program when adding/deleting printers from SAP (instead of using SPAD).
Since we don't want to give the users access to transaction SPAD, would be possible to execute this new program under a generic ID that would have write-access in SPAD.
Thanks in advance,
Jen
06-15-2009 3:03 PM
Hi,
If you are running this in the background ..then you request the Basic team to create the Batch userid and assign this batch user id which scheduling your program.
06-15-2009 3:03 PM
Hi,
If you are running this in the background ..then you request the Basic team to create the Batch userid and assign this batch user id which scheduling your program.
06-15-2009 3:10 PM
Okay, but is this possible if the user executes the program right away (not via a job)? I have created a front-end screen to allow the user to input the printer details. The user should hit the "execute" button and the printer will be added or removed.
Thanks,
Jennifer
Edited by: Jennifer Alexander on Jun 15, 2009 4:11 PM
06-15-2009 3:15 PM
Hi,
Yes..You can ask the Basic team to create the generic user id to execute the program.
06-15-2009 3:21 PM
I think it doesn't matter for you whether its run in background or foreground.
By Generaic what do you mean? If everyone in service desk is going use the same ID then its good that you assign access to all of them.
if you dont want give access to all, create a System user and have everyone to schedule job using that user only.
06-15-2009 3:25 PM
Might be possible via RFC. Try creating an RFC-enabled wrapper function module around your SPAD call, maintain an RFC connection to the same box with a technical user and password maintained, call the function in your program with addition STARTING NEW TASK (see ABAP help).
Make sure the technical user has authorization only for SPAD and related as well as RFC calls to the function group where your function module resides.
Thomas
P.S. Marcin, authorization for tcode SPAD will not be enough, there is plenty of auth checks inside that transaction for the S_ADMI_FCD object.
06-15-2009 4:12 PM
Thank you for this suggestion. I am not familiar with "RFC-enabled wrapper function module". Would it be possible for you to show me an example of how this works?
06-15-2009 4:43 PM
Too much to explain step by step for my lazy self, I hope you have an experienced developer at hand and he/she will probably know what I'm talking about and how to approach this.
There is also a chance that somebody else here has a better i.e. simpler idea how to solve this.
Thomas
06-17-2009 9:15 PM
Okay, I have created an RFC-enabled function module that contains my BDC calls to SPAD. What did you mean by "maintain an RFC connection to the same box with a technical user and password maintained"?
I reviewed all of the RFC documentation in the SAP Help and couldn't find anything regarding calling an RFC with a different userid.
Thanks,
Jennifer
06-17-2009 11:16 PM
Afer all....
Check your licence contract...you may have trouble with it...
bye
Gabriel
06-15-2009 3:05 PM
yes very much, while defiening job in Sm36 you have to specify this generic userid. You can define the user type (Su01) as B.
06-15-2009 3:22 PM
Hi Jennifer,
If you call transaction within your program, it already ommits any authorization checks, so he (help desk user) can easily execute your program even without permission to called transaction.
Anyhow you can restrict his ability to call certain transactions (for those which are called within a program) using SE97 . There is nice documentation so you should have no problems how to setup it.
Regards
Marcin