on 11-16-2018 1:24 PM
We use Fiori smart app with 2 buttons. Processing of buttons goes through function import and all code are in *_DPC_EXT class.
Now i need to add Authorization check for different users. I've chacked the sy-uname in my class and see, that from Fiori app comes RFC_CORR_REQ user. How can i pass logged user, not this standard user?
I will explain the solution by 2 different methods:
1. If there is a reason to hardcode the RFC with 'RFC_CORR_REQ'
Then in the UI5 application, using the ushell service you can get the user name and add another importing parameter to the function import and pass the user from the ui5 app function call, then in the bacckend you can do the authorization based on the importing parameter which has the user id.
https://answers.sap.com/questions/251904/name-of-the-current-user-sap-ui5.html
2. If there is no reason for which the RFC user is hardcoded with 'RFC_CORR_REQ'
Then assuming your system is having the HUB architecture, you can register the odata service in frontend sytem with an alias which uses the trusted connection rfc role. using this if any user login to the front end system SAP frontend system will propagate the userid to backend system call, so here your sy-uname will be having the logged in user id.
BR,
Mahesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Actually if its a hub architecture, every user in ECC(Backend System) will have the same user id created in Gateway(Front End System).
Now what happens is if the user login into Frontend(e.g, Fiori launchpad ), he needs to fetch the data from the backend system via odata service in front end system. So by assigning a trusted RFC role between Frontend - Backend system, the user will be auto authenticated to Backend system and will fetch the data to your application.
For this, basis will be create a role for Trusted RFC connection and will add it to the user. Then you can remove the hardcode user id that is added to the RFC destination which is linked to your system alias.
You can check the SAP note where it mentions what role to be added to the user:
https://launchpad.support.sap.com/#/notes/0002482230
By having this maintained, you can see your sy-uname of the logged in user in the backend system.
BR,
Mahesh
Actually you can do a single thing in multiple ways which might be correct for one scenario and might be incorrect for another scenario.
So if possible could you please let me know the reason behind the hardcoded user id in RFC destination.
In the most ideal scenarios, user id will not be hardcoded, it will authenticated (Frontend-Backend) via the trusted RFC.
You can still pass the user id using the approach in the URL that i've mentioned. But still it is not the recommend way. The recomended way is using the Trusted RFC destination.
BR,
Mahesh
Hm, i'm not sure, that my answer will explain something )). Because it is - I don't know. I didn't hardcode this user. I've created my own user in Web IDE, connected to my system, created service and alias, then i've created CDS view and created app. Everything works good. But now there is a requirement: add authorization for this application. I've found that RFC user is RFC_CORR_REQ. And i even don't know from where it comes. May be you can tell me where this user can be hard-coded? I will ask responsible person about this user.
You need to find the system alias with which the odata service is registered.. using /n/iwfnd/maint_service
I think when u double click on system alias it will take you to the destination directly.. if it won't then go and check in the gateway configuration where the system alias and RFC destination relationship is maintained.. then go to sm59 and check the RFC destination.. in the RFC destination itself, you can find the hard-coded user id.
You can find many questions and blogs on this..
BR,
Mahesh
Is it? and is it hardcoded in the RFC destination that is provided there?
BR,
Mahesh
User | Count |
---|---|
87 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.