Question:
hi, i have 2 instances, A and B. for A to remote logon to B, i need to fill in the rfc user of B in A in the rfc connection details.
1) can the user has sap_all profile?
2) is the user dialog or cpic?
my situation.
1) i created a user, cpic type with sap_all however, when i click on remote logon , it fails to do so.
2) so i changed the user type to dialog and it works but i dont think a rfc user should be of type dialog
_________________
The heart has its reasons which reason knows not of
PASCAL
Answer:
hi, i have 2 instances, A and B. for A to remote logon to B, i need to fill in the rfc user of B in A in the rfc connection details.
1) can the user has sap_all profile?
Why not - if you really want to compromize the system's security.
Answer:
Workng as designed. A CPIC ( or communication ID) CANNONT and DOES not logon in DIalog mode, so when you use the remote login button in SM59 and you set the RFC destination up with a CPIC id you should get and almost inpreceptable screen blink indicating the remote login "worked", if not you get an error or a logon screen because the password is wrong or the ID does not exist inthe target.. Since the CPIC ID has no dialog rights you will not enter the system and view what is going on, but you entered.
Further the CPIC should ONLY have the access neded to perform the functionality the destination is defined to do , no more. The Id should NEVER have SAP_ALL.
Answer:
Workng as designed. A CPIC ( or communication ID) CANNONT and DOES not logon in DIalog mode, so when you use the remote login button in SM59 and you set the RFC destination up with a CPIC id you should get and almost inpreceptable screen blink indicating the remote login "worked", if not you get an error or a logon screen because the password is wrong or the ID does not exist inthe target.. Since the CPIC ID has no dialog rights you will not enter the system and view what is going on, but you entered.
so its the right behaviour.. thanks, and in what situations is this rfcuser used for?
Further the CPIC should ONLY have the access neded to perform the functionality the destination is defined to do , no more. The Id should NEVER have SAP_ALL.
agreed... from /forums/viewtopic.php?t=105825&highlight=modeluser, what are the recommended roles/profiles for this model_user? thanks
_________________
The heart has its reasons which reason knows not of
PASCAL
Answer:
yls177, please stop changing the topic in midstream. If you want to reply to the "model user" email, please do so by replying to that topic, not this one.
As far as this topic goes, if you don't know what a RFC user is used for, why are you trying to create one with SAP_ALL authorization?
_________________
Keith
To SEARCH the forum, go here: /forums/search.php
Answer:
does that mean a rfc user uses dialog and cpic doesnt? i dont think so......
my thoughts are that if a user is of type, rfc and cpic, they still uses dialog processes, the difference is that both of them do not requires to enter password or should i say for cpic
_________________
The heart has its reasons which reason knows not of
PASCAL
Answer:
Yes,technically, an ID used in a RFC destination uses a dialog process in BASIS-SPEAK ( not common speak) but you will not get an interactive GUI.
A CPIC is used in a non-interactive connection to the system , there is not FORMAL definition of an RFC user just a user using an RFC destination. A CPIC userid ( now called Communication ID) CANNOT be used in an interactive-GUI-dialog connection and the password never expires, conversly a generic use's Password expires but can be placed in a RFC destination definition but the password will expire as an oother generic ID. A user ID that is NOT a CPIC defined ID and used in a RFC destination with the password provided will allow anyone with access to enter a rfc destination will be able to get into another system in interactive mode, either with SM59 or the ohter methods.