03-31-2011 9:40 PM
We recently did a client copy and I am trying to add roles and/or profiles to users, but CUA does not recognize either. When I choose "Text comparison from child sys." I get an error message for that new client that says, "User has not RFC authoriation for function group SUU6." Any assistance you can provide would be appreciated.
03-31-2011 10:57 PM
Hi,
that user which is used to get texts from child system does not have authorization for RFC call from function group SUU6. Just check what roels are assigned to user which is used for RFC connection from parent to child system. All RFC connections can be viewed in SM59.
Cheers
04-01-2011 6:20 AM
Hi Karen,
The communication user don't have proper access of object: S_RFC.
After assigning access of function group SUU6 also the authorization may not work, user may face another issue in S_RFC object. Better assign SAP_ALL and SAP_NEW or any other role containing highest authorizations to the communication id. Then do the test and take trace. Then assign the required values in S_RFC to the FRC user role.
Regards,
Sandip
04-01-2011 8:26 AM
>
Better assign SAP_ALL and SAP_NEW or any other role containing highest authorizations to the communication id
No, it's not better. It's a bad practice assigning SAP_ALL to communication users. It's a violation of Principle of Least Privilege. You should also use SAP_NEW just for limited period of time. SAP provides a role for this purpose. It's mentioned in CUA cookbook. There is a recent post from Julius on this forum about removing SAP_ALL from the system. It has some info why SAP_ALL and SAP_NEW are not supposed to used.
Cheers