cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User ID in function import

Former Member

on ‎11-16-2018 1:24 PM

0 Kudos

We use Fiori smart app with 2 buttons. Processing of buttons goes through function import and all code are in *_DPC_EXT class.

Now i need to add Authorization check for different users. I've chacked the sy-uname in my class and see, that from Fiori app comes RFC_CORR_REQ user. How can i pass logged user, not this standard user?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

maheshpalavalli
Active Contributor
‎11-16-2018 2:33 PM

Hi Aliaksandr Likhach,

I will explain the solution by 2 different methods:

1. If there is a reason to hardcode the RFC with 'RFC_CORR_REQ'

Then in the UI5 application, using the ushell service you can get the user name and add another importing parameter to the function import and pass the user from the ui5 app function call, then in the bacckend you can do the authorization based on the importing parameter which has the user id.

https://answers.sap.com/questions/251904/name-of-the-current-user-sap-ui5.html

2. If there is no reason for which the RFC user is hardcoded with 'RFC_CORR_REQ'

Then assuming your system is having the HUB architecture, you can register the odata service in frontend sytem with an alias which uses the trusted connection rfc role. using this if any user login to the front end system SAP frontend system will propagate the userid to backend system call, so here your sy-uname will be having the logged in user id.

https://help.sap.com/saphelp_gateway20sp12/helpdata/en/8e/c7745322614e3fe10000000a441470/frameset.ht...

BR,

Mahesh

Show replies
Show replies
Former Member
‎11-19-2018 8:56 AM
0 Kudos

Hello, thank you for your answer.

But could you please explain what does it mean: "trusted connection rfc role"?

Is this a special role only for RFC connections? Now all our alias have no user roles at all. Do i need to create a new role and then assign it to alias and to my user?

maheshpalavalli
Active Contributor
‎11-19-2018 12:02 PM

Hi Aliaksandr Likhach,

Actually if its a hub architecture, every user in ECC(Backend System) will have the same user id created in Gateway(Front End System).

Now what happens is if the user login into Frontend(e.g, Fiori launchpad ), he needs to fetch the data from the backend system via odata service in front end system. So by assigning a trusted RFC role between Frontend - Backend system, the user will be auto authenticated to Backend system and will fetch the data to your application.

For this, basis will be create a role for Trusted RFC connection and will add it to the user. Then you can remove the hardcode user id that is added to the RFC destination which is linked to your system alias.

You can check the SAP note where it mentions what role to be added to the user:

https://launchpad.support.sap.com/#/notes/0002482230

By having this maintained, you can see your sy-uname of the logged in user in the backend system.

BR,

Mahesh

Former Member
‎11-19-2018 12:21 PM
0 Kudos

Maybe i'm trying using not right way?

Requirement is - to add authorization to Fiori smart app. I thought. that i will pass user to the back-end, where i will analyse it using standard abap functionality. Am i right? Or there is another method?

maheshpalavalli
Active Contributor
‎11-19-2018 12:42 PM
0 Kudos

Hi Aliaksandr Likhach,

Actually you can do a single thing in multiple ways which might be correct for one scenario and might be incorrect for another scenario.

So if possible could you please let me know the reason behind the hardcoded user id in RFC destination.

In the most ideal scenarios, user id will not be hardcoded, it will authenticated (Frontend-Backend) via the trusted RFC.

You can still pass the user id using the approach in the URL that i've mentioned. But still it is not the recommend way. The recomended way is using the Trusted RFC destination.


BR,

Mahesh

Former Member
‎11-19-2018 1:04 PM
0 Kudos

Hm, i'm not sure, that my answer will explain something )). Because it is - I don't know. I didn't hardcode this user. I've created my own user in Web IDE, connected to my system, created service and alias, then i've created CDS view and created app. Everything works good. But now there is a requirement: add authorization for this application. I've found that RFC user is RFC_CORR_REQ. And i even don't know from where it comes. May be you can tell me where this user can be hard-coded? I will ask responsible person about this user.

maheshpalavalli
Active Contributor
‎11-19-2018 1:54 PM

You need to find the system alias with which the odata service is registered.. using /n/iwfnd/maint_service

I think when u double click on system alias it will take you to the destination directly.. if it won't then go and check in the gateway configuration where the system alias and RFC destination relationship is maintained.. then go to sm59 and check the RFC destination.. in the RFC destination itself, you can find the hard-coded user id.

You can find many questions and blogs on this..

BR,

Mahesh

Former Member
‎11-20-2018 8:47 AM
0 Kudos

Hi, i've found where this user is hard-coded. Transaction is /IWFND/ROUTING

maheshpalavalli
Active Contributor
‎11-21-2018 5:36 AM

Is it? and is it hardcoded in the RFC destination that is provided there?

BR,

Mahesh

Former Member
‎11-21-2018 7:21 AM
0 Kudos

yes. it is hardcoded. Now we are speaking with basis team about this issue. Thank you very much for your help.

Ask a Question