CPA CACHE refresh 403 Forbidden – No Authorization with PIDIRUSER or PIDIR
CPA Cache refresh fails in NW 730 and NW 731 with PIDIRUSER or PICACHEUSER with message 403 Forbidden – No Authorization.
When you perform the CPA Cache refresh with the PIDIRUSER or PIDIR<SID>, It says that 403 Forbidden – You are not Authorized.
You have referred the SAP Note Note 1232259 – Security Note: Cache refresh with user change and made changes to the user roles. You have created ABAP RFC destination SAPXICACHE<client> and also followed SAP Note : Note 1673399 – PI Upgrade: No RFC authorization for user PIDIRUSER. Still You are facing the No Authorization issue.
The solution to this problem is to update the XI ADAPTER FRAMEWORK component to the latest patch level with the current support stack or if possible to the latest support stack level in your system.
It is no longer possible to call this page with a service user (for example PIDIRUSER or PISUPER). The Full CPA Cache refresh has to be performed with a Dialog or a System user.If possible, you can take help from security team to change the PIDIRUSER to a system user.
In addition the Role ‘SAP_XI_ADMINISTRATOR_J2EE‘ needs to be added to the PIDIRUSER, along with the below mentioned roles.
A full CPA Cache refresh has immediate impact on the message processing. On large systems a full CPA cache refresh can take up to an hour. During this time only restricted message flow is possible.
The history of all CPA Cache updates and the current content can be displayed by the following URL:
For further details, you can refer SAP notes
1592426 PI SEC: Unauthorized use of administrative functions in PI
1600539 – PI AF: Manual Execution of a CPA Cache Refresh
Kasi Vishwanatha Gupta