
Maintaining SNC Information for Non-Dialog Users

Use

For communications initiated by external CPIC or RFC programs that are to be protected with SNC, the system also validates the combination of the user ID in the SAP system and the SNC name supplied by the external program.

You can also use transaction SU01 to assign SNC names to RFC or CPIC users. Note, however, that with transaction SU01 you can assign only a single SNC name to a user, and there may be cases where you want to assign additional SNC names to RFC or CPIC users. For these cases, you can maintain additional SNC names in the extended user ACL (table USRACLEXT).

See Maintaining SNC Information for Dialog Users for information on using transaction SU01 to maintain users' SNC information. In this topic, we describe how to maintain the SNC information by directly entering the information in table USRACLEXT.

Caution

Although it is possible, we do not recommend entering additional SNC names for dialog users in USRACLEXT.

Prerequisites

     The user must have a user master record in the SAP system before you can enter the user ID in the table USRACLEXT.

     If you need more than one SNC name for a single user in the SAP system, you must establish a numbering system to distinguish between the different entries.

Procedure

From the table maintenance for table USRACLEXT (for example, using transaction SM30):


       1.      To change, create or delete entries, choose Goto → Details, Edit → New Entries, or Edit → Delete, respectively. (If only one entry in the table exists, then the details for this entry are displayed.)

The Change View for the user ACL appears.

       2.      If you need to create or change the user's master record, choose the Change User symbol to the right of the User field.

       3.      If the user has more than one SNC name, then enter the appropriate sequence number for the user in the Seq.number field (for new entries only).

       4.      Enter the user's SNC name in the SNC name field. (Choose the Change SNC Name symbol to the right of the SNC name field to enter a longer SNC name.)

You can use the asterisk symbol (*) as a wildcard for both the SAP system user name and the SNC name. Note the following:

     If you enter an asterisk for the SAP system user ID, then the system accepts any user in the SAP system that has an SNC name that matches the name entered in the SNC name field.

     If you enter an asterisk for the SNC name, then the system accepts the user with the corresponding SAP system user ID, regardless of his or her SNC name.

     If you enter an asterisk in both fields, then the system accepts any user with any SNC name.

     If you use the wildcard character in either field, the SAP system performs a password verification at connection time.

Note

An informational message appears if either of these fields contains the wildcard value.

Examples for Using the Extended User ACL

The table below shows sample entries for the extended user ACL.

User Name     Seq.number     SNC Name

EXT-CPIC      000            p:CN=MILLER, OU=TEST01, O=myCompany, C=US

EXT-CPIC      001            p:CN=TESTUSER, OU=TEST01, O=myCompany, C=US

EXT-RFC       000            *

Example 1: CPIC User

In this example, a CPIC program is used to communicate between two SAP systems. One possible scenario is to use the initiating SAP system as the SNC communication partner and define an entry for it in the system ACL (table SNCSYSACL). However, an entry in SNCSYSACL establishes complete trust for the system.

Instead of using SNCSYSACL, you can use the USRACLEXT table to allow the communication to run under specific accounts only. In the table above, the CPIC user EXT-CPIC is used for communicating between the two SAP systems; however, only the users with the corresponding SNC names for MILLER and TESTUSER are allowed to connect as EXT-CPIC.

Example 2: RFC User

The last table entry above allows the user EXT-RFC to connect regardless of the SNC name provided with the connection. In this case, the user’s password must also be provided at connection time.
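
The following review helper is an added example, not part of the original SAP documentation. It applies the wildcard rules described above to rows exported from USRACLEXT. The names AclEntry, classify, matching_entries and audit are hypothetical, and it assumes that an asterisk is a wildcard only when it fills the whole field and that SNC names are compared as exact strings.

```python
from typing import NamedTuple

class AclEntry(NamedTuple):
    user: str       # SAP system user ID, or "*"
    seq: str        # Seq.number
    snc_name: str   # SNC name, or "*"

# Constructed sample rows, taken from the example table on this page.
SAMPLE_ACL = [
    AclEntry("EXT-CPIC", "000", "p:CN=MILLER, OU=TEST01, O=myCompany, C=US"),
    AclEntry("EXT-CPIC", "001", "p:CN=TESTUSER, OU=TEST01, O=myCompany, C=US"),
    AclEntry("EXT-RFC", "000", "*"),
]

def classify(entry):
    """Name the breadth of an entry according to the wildcard rules above."""
    any_user, any_name = entry.user == "*", entry.snc_name == "*"
    if any_user and any_name:
        return "any user, any SNC name"
    if any_user:
        return "any user with this SNC name"
    if any_name:
        return "this user with any SNC name"
    return "exact"

def matching_entries(acl, user, snc_name):
    """Entries that accept the pair, each with a flag saying whether the
    entry uses a wildcard (password verification at connection time).
    Assumption: fields are compared as exact strings."""
    hits = []
    for e in acl:
        if e.user in ("*", user) and e.snc_name in ("*", snc_name):
            hits.append((e.seq, classify(e), classify(e) != "exact"))
    return hits

def audit(acl):
    """List wildcard entries and (user, Seq.number) keys used more than once."""
    findings, seen = [], set()
    for e in acl:
        if classify(e) != "exact":
            findings.append(f"{e.user}/{e.seq}: wildcard ({classify(e)})")
        if (e.user, e.seq) in seen:
            findings.append(f"{e.user}/{e.seq}: duplicate key")
        seen.add((e.user, e.seq))
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_ACL):
        print(line)
```

Run against the sample table, the audit reports only the EXT-RFC entry, which is the one that relies on password verification rather than on a specific SNC name.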

 

 
