Hello community,

to create a user ID with the correct (minimal) rights to call an RFC function module, you can use CCo and the following method.

  1. Create a new user ID with the TAC SU01, e.g. ZRFCTEST, with the user type Communication, and don’t assign any roles.

  2. Try a simple connect with the following script:

    '-Begin-----------------------------------------------------------------

      '-Directives----------------------------------------------------------
        Option Explicit

      '-Variables-----------------------------------------------------------
        Dim SAP, hRFC, rc

      '-Main----------------------------------------------------------------
        Set SAP = CreateObject("COMNWRFC")
        If IsObject(SAP) Then
          hRFC = SAP.RfcOpenConnection("ASHOST=ABAP, SYSNR=00, " & _
            "CLIENT=000, USER=ZRFCTEST, PASSWD=minisap")
          If hRFC Then
            MsgBox "Check connection with TAC SMGW in the SAP system"
            rc = SAP.RfcCloseConnection(hRFC)
          End If
          Set SAP = Nothing
        End If

    '-End-------------------------------------------------------------------

  3. Now, when you execute the script, you get an error message about the missing RFC authorization. You can also find more information with the TAC ST22.

  4. Now create a new role with the TAC PFCG, e.g. ZRFCTEST, and maintain the authorization data. Manually add the authorization object S_RFC.

  5. Add the activity execute (16) with the type function group and the name SYST, as you see in the error message.

  6. Generate the role and add the user ID in the user tab. Now you see the role in the role tab of TAC SU01.

  7. Now all should work as expected.

With this method you can analyze missing S_RFC authorization objects step by step with your script and thereby create a user with the correct (minimal) authorization objects. As this example shows, a simple RfcOpenConnection needs the S_RFC authorization object with the activity execute and the function group SYST.

Hint: In newer SAP releases you can also name the function module.

Enjoy it.

Cheers
Stefan
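
An added example, not part of the original post: a Python helper that takes the denial messages collected while repeating steps 3 to 6 and turns them into the S_RFC values to maintain in PFCG. The message wording, the sample messages and the names ZDEMO and Z_DEMO_READ are constructed assumptions; RFC_TYPE, RFC_NAME and ACTVT are the fields of S_RFC.

```python
import re

# Assumed wording of the denial text; adapt the pattern to what your system shows.
DENIAL = re.compile(
    r"no RFC authorization for function (group|module)\s+([A-Z0-9_/]+)",
    re.IGNORECASE,
)
RFC_TYPE = {"group": "FUGR", "module": "FUNC"}  # values of S_RFC field RFC_TYPE
EXECUTE = "16"  # activity "execute", as in step 5

# Constructed sample: messages collected over several test runs of a script.
SAMPLE = [
    "User ZRFCTEST has no RFC authorization for function group SYST.",
    "User ZRFCTEST has no RFC authorization for function group SYST.",
    "User ZRFCTEST has no RFC authorization for function group ZDEMO.",
    "No RFC authorization for function module Z_DEMO_READ.",
    "Name or password is incorrect (repeat logon)",
]


def split_messages(messages):
    """Separate S_RFC denials from everything else (logon errors, dumps...)."""
    denials, other = set(), []
    for msg in messages:
        m = DENIAL.search(msg)
        if m:
            denials.add((RFC_TYPE[m.group(1).lower()], m.group(2).upper()))
        else:
            other.append(msg)  # needs a human: not fixable by adding S_RFC
    return denials, other


def s_rfc_entries(messages):
    """Return the de-duplicated, explicit S_RFC values to maintain in PFCG."""
    denials, _ = split_messages(messages)
    return [
        {"RFC_TYPE": t, "RFC_NAME": n, "ACTVT": EXECUTE}
        for t, n in sorted(denials)
    ]


if __name__ == "__main__":
    for entry in s_rfc_entries(SAMPLE):
        print("S_RFC:", entry)
    for msg in split_messages(SAMPLE)[1]:
        print("not an S_RFC denial:", msg)
```

Only names that actually appeared in a denial are emitted, so the resulting role never contains a wildcard RFC_NAME.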
