Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

RFC login and user creation to remote system

DanH1
Participant
0 Kudos

Hi there,

Hopefully this is the related forum for this question. We have a scenario where we need an automated process to create users on one system and then create just the same account on a remote system with deactivated password.

How is this best handled in ABAP code where the system account info/password of the remote system is not listed in the abap code. Should a SM59 connection be created and then somehow this is referenced from abap code ?

Also, this will be a SM37 job stream running on the local server under one name running the job and in the code it should be using a different name (destination) for the remote connection to create the user.

I am a security person, not abaper. Input /best practice appreciated.

Thanks !

2 REPLIES 2

Former Member
0 Kudos

BAPI_USER_CREATE1 check this BAPI.

Similarly you can create a RFC in othe rsystem and call it from your system.

When iit create user id & password

Pass it to login.

I hope it will heps you

Former Member
0 Kudos

> I am a security person, not abaper. Input /best practice appreciated.

Actually this is a security question, so I have moved it to the security forum...

If the password is to be deactivated in the target system but not in the source ("master" system) then you can use several standard user provisioning mechanisms for this (CUA, GRC-CUP, IdM, UME configuration...) and configure the target system to deactivate the password itself. There are also several ways of achieving this, without any coding required necessarily.

The most obvious one which jumps to mind is RZ11 parameter login/password_change_for_SSO.

Alternately if your scenario is better suited to it, you can also use login/password_max_idle_initial.

Also see transaction RSUSR200.

Etc...

> Should a SM59 connection be created and then somehow this is referenced from abap code ?

No. It should be referenced from configuration of the application which calls the RFC connection, defined in SM59. You can also optionally use the "current user" setting and alternate authentication methods to (saved) passwords. This I would generally recommend.

Cheers,

Julius

Edited by: Julius Bussche on Feb 23, 2010 10:36 PM