Question:
I will be developing some Bapis used by a .net web client. There will be many users logging in to the .net app and authorizations will need to checked throughout user's session. The difficulty is picturing how this maps into SAP.
Is it:
1. n web users -> one bapi user -> n SAP users
2. n web users -> n bapi/SAP users
Case 1: don't know how to manage it but would save on licensing fees
Case 2: Would solve things but need to give SAP users RFC authorization
Any suggestions are welcome...
phillip
Answer:
You ought to look at your license very carefully. SAP is quite sensitive to the bapi backdoor. In most cases the ethical answer is number 2. You can secure the access just as well as you can with going through the gui.
Answer:
In general you need a one-to-one access from .net to SAP, but SAP bends these rules as well. In there ESS/ITS solution they allow you to use ONE generic ID to access read only common data accessable to all employees with the understanding that access to SAP is INSIDE the company's fire wall assuming that the company intranet is "secure" . The individual Employee records are then accessed based on a one-to-one relationship.
So depending on your application you might be able to use one id say for a product catalog view, but ordering would then be by unique Id.
If your BAPI coding is sophisticated enough you can use a generic ID that validates the .net logged on user of the application and then "transfers" the appropriate access to the generic ID once validated on the SAP side. This keeps the generic ID without any specific access until validated. SAP would probably frown on it but it is achievable without any auditable record.
Answer:
A lot of people use CPIC users from .net into SAP using BAPI / RFC
_________________
Kind Regards
Rosie Brent
Please remember to search the forum and check the FAQ before posting questions, thank you.
Tuly Idiot most of the time, part-time Guru