Skip to Content

Your first step should be what to install.

In the Service Marketplace, you can find the latest support packages available for your ECC and for your SCM installation.

After deciding your target release and support package, the installation will take place.

I will not focus on the installation itself. This can be covered in another blog. For now, let’s assume the systems are correctly installed:

a) Install Database

b) Install SCM directly from the Medias supplied

c) Execute SP Deployment on the SCM up to the desired stack.

d) Install Live Cache

e) Perform Live Cache Integration (/LC10)

 

After this, may the configuration start!

 

USER MAINTENANCE

* The following steps apply for both systems, ECC and SCM.

Create user profile for RFC Communication

SAP provides the SAP_ALL role for the default users (DDIC, SAP*). You may want to review this authorization when setting up the RFC user so remote users logging from other systems won’t be able to create other SAP_ALL users, for instance. It’s just a security precaution.

a) Use transaction /SU02 to open the SAP_ALL profile;

b) Copy the SAP_ALL profile to something else, like ZSAP_ALL

c) Navigate into the ZSAP_ALL profile and you will find several “generated profiles”.

Inside each one of those, are tons of authorization objects – some of them unwanted.

*You may want to remove the authorization objects related to User Master Maintenance, among others. This objects are responsible for that:

S_USER_AUT
S_USER_SYS
S_USER_SAS
S_USER_GRP

d) Find where they are first (meaning, in which of the generated profiles).

e) Copy all of the authorization objects on that profile and save somewhere else.

f) Remove this generated profile from the Profile.

g) Open /PFCG, Role Maintenance. Create a new Role (e.g. “ZSAP_ALL03”).

h) In “Authorizations”, add manually the desired authorizations originally removed from the ZSAP_ALL profile. Leave the undesired out.

Don’t forget to click in the yellow icons on the authorizations in order to make them active. They should have green lights.


f) Generate a profile.

*Now you will have two options: to add the ZSAP_ALL03 role to the user directly, or to include the generated profile into the ZSAP_ALL profile. I prefer the latest since it’s “cleaner”.

g) Go to /SU02, open the ZSAP_ALL profile and add the generated profile to the list of subprofiles.

h) Activate!

i) Go to /SU01. Create a new user (commonly “ALEREMOTE”).

f) Add the ZSAP_ALL profile to the user.

You will have to do the same in both systems.

By the end, you will have two ALEREMOTE users ready for establishing connections between the two systems.

 


Additional Tips

Each time you change a profile or role, you will have to perform the User Comparison for the authorization changes to take place.

For this, run the following report daily:

Role time-dependency scheduling report
PFCG_TIME_DEPENDENCY


To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

Leave a Reply