Show TOC

Generating Authorization ProfilesLocate this document in the navigation structure

In this step, you assign the specific authorization profile of the back-end application, so that the RFC user can execute the bgRFC function.

Procedure

  1. In Customizing for SAP NetWeaver, choose Start of the navigation path Gateway Next navigation step OData Channel  Next navigation step Configuration Next navigation step User Settings Next navigation step Define Role for SAP NetWeaver Gateway User End of the navigation path (or run transaction PFCG).
  2. On the Role Maintenance screen, in the Role field, enter SAP_BC_ENDUSER.
  3. Choose Copy Role (Shift+F11) and, in the dialog, complete the fields as follows:

    Field

    Value

    from role

    Enter SAP_BC_ENDUSER.

    to role

    Enter Z_GW_ENDUSER.
  4. Choose Copy all.
  5. Choose Role > Change for the newly created role and, in the Description field, enter Gateway End User.
  6. On the Authorizations tab, in the Edit Authorization Data and Generate Profile group box, choose Change Authorization Data.

    The Change Role: Authorizations screen appears.

  7. To insert new authorization objects, choose Edit > Insert authorization(s) > Manual input.
  8. On the Manual selection of authorizations screen, enter the relevant authorization object, and choose Continue. Do this for each of the following authorization objects:

    Authorization Objects

    Fields

    Values

    S_RFC

    Authorization Check for RFC Access

    RFC_TYPE

    FUGR

    RFC_NAME

    CLB2_INT_RFC

    ACTVT

    16 (Execute)

    S_RFCACL

    Authorization Check for RFC User (for example, Trusted System)

    RFC_SYSID

    <system id>

    RFC_CLIENT

    <client>

    ACTVT

    16 (Execute)

    S_SERVICE

    Check at Start of External Service

    SRV_NAME

    Enter * or restrict to the values relevant for the application-specific services.

    SRV_TYPE

    Enter * or restrict to the values relevant for the application-specific services.

    S_USER_GRP

    User Master Maintenance: User Groups

    CLASS

    FUNCTIONAL

    ACTVT

    03
    Note

    In addition, assign any authorizations that are relevant for your application-specific services.

  9. Save your entries.
  10. Choose Generate.
  11. In the Generate profile dialog, choose Generate.
  12. In the Assign Profile Name for Generated Authorization Profile dialog, choose Execute or choose Enter.
  13. Choose Back (F3).

Results

You have generated the authorization profile for the RFC user.