As SAP Basis administrators, we know that we can establish a trusted RFC between ABAP systems, which lets us connect to the target system with our current user without providing credentials, as in the screenshot below.
But what if we want to use a specific technical user and still want to benefit from trusted RFC? Actually, we can do it with the same method and I will show you how in this blog post.
First of all, since we need to create the trusted RFC, we need to establish the trusted relationship between systems through transaction code SMT1. In the scope of this blog, I’ll assume that we need to define the trust between system AA and BB.
1. Go to SMT1 Tcode on AA, and click the “Create” button to start the process.
2. Click “Continue”.
3. On the next screen, we need to provide the information about the target server and login information. It'll create a new RFC on the target server called "TRUSTING@<SID>xxxxxxxx".
4. On the following screens, just click on “Continue” and “Finish” on the final screen.
5. Now, it’s finished on the first system AA and you need to do the same steps on the second system BB.
Next, we need to make sure that the technical user on the source system has enough authorizations to allow the trusted call from the source system.
For that purpose, the user role needs to have the authorization object S_RFCACL. Below is the description of its fields.
After finishing the role creation, please make sure that the role is assigned to the technical user on the called system.
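To make the effect of the S_RFCACL values concrete, here is an added example (not from the original post) that models the check in the called system in simplified form and flags identity fields left as wildcards. The field names are the real S_RFCACL fields, but the users, client and values are constructed, and RFC_TCODE and RFC_INFO are left out for brevity.

```python
# Added example: simplified model of the S_RFCACL check in the called system.
# Field names are the real S_RFCACL fields; the users, clients and values
# below are constructed for illustration.
IDENTITY_FIELDS = ("RFC_SYSID", "RFC_CLIENT", "RFC_USER")

def matches(allowed, value):
    """True if one allowed value covers `value`; supports a trailing '*'."""
    for pattern in allowed:
        if pattern.endswith("*"):
            if value.startswith(pattern[:-1]):
                return True
        elif pattern == value:
            return True
    return False

def permits(auth, sysid, client, caller, target_user):
    """Would this authorization, held by target_user, accept the trusted call?"""
    if not matches(auth["ACTVT"], "16"):          # 16 = Execute
        return False
    if not (matches(auth["RFC_SYSID"], sysid) and matches(auth["RFC_CLIENT"], client)):
        return False
    if caller == target_user:                       # "Current User" case
        return matches(auth["RFC_EQUSER"], "Y")
    return matches(auth["RFC_USER"], caller)        # technical-user case

def wildcard_findings(auth):
    """Identity fields left generic, i.e. not pinned to a system/client/user."""
    return [f for f in IDENTITY_FIELDS if any("*" in v for v in auth[f])]

# Constructed authorizations for technical user TECH_RFC on called system BB.
WEAK = {"RFC_SYSID": ["*"], "RFC_CLIENT": ["*"], "RFC_USER": ["*"],
        "RFC_EQUSER": ["N"], "ACTVT": ["16"]}
PINNED = {"RFC_SYSID": ["AA"], "RFC_CLIENT": ["100"], "RFC_USER": ["BATCH_AA"],
          "RFC_EQUSER": ["N"], "ACTVT": ["16"]}

if __name__ == "__main__":
    for name, auth in (("weak", WEAK), ("pinned", PINNED)):
        print(name, "wildcards:", wildcard_findings(auth))
        for caller in ("BATCH_AA", "JDOE"):
            ok = permits(auth, "AA", "100", caller, "TECH_RFC")
            print(f"  {caller}@AA/100 -> TECH_RFC@BB:", "allowed" if ok else "denied")
```

With the wildcard role, every user in AA can run the trusted call as the technical user; pinning RFC_SYSID, RFC_CLIENT and RFC_USER limits it to the intended caller.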
We have come to the final step. For details on creating the RFC in SM59, please refer to the SAP help documentation. In this blog, I’ll focus only on trusted RFC settings.
After specifying the target hostname and SID, go to the Logon & Security tab and set the Trust Relationship to “Yes”.
Now, instead of setting the checkbox at “Current User”, we will leave it blank and give the information about the technical user from the called system. Of course, the password is no longer necessary because we’re creating a trusted connection.
Save the connection and execute “Authorization Check”.
At this point, if you log in to the called system and go to TCode SM59, you will see the connection from the calling system, but from that technical user, not ours.
I hope this blog post finds you well. If you have any questions or concerns so far, feel free to contact me.