23.19 RFC User Authorization and Calls

Remote Function Call (RFC) is a standard SAP interface that is used for several functions and mainly to communicate between systems. RFC requires a valid username and password to log into the system, stored in the Liquid UI profile. In production systems, the default login user, SAPCPIC, is typically locked. Hence, we advise creating a dedicated Liquid UI RFC user with full privileges.

Note: You can use your Liquid UI login credentials for testing purposes.

Purpose

This documentation aims to illustrate how you can set up a trusted relationship between two ERP systems. At the Liquid UI scripts level, RFC first accesses the scripts stored at the web repository and then gets data from function modules. To demonstrate this process we are considering the Profiles: Initial screen as an example and we’ll guide you through the following steps:

1. Navigate to the SU02 transaction screen
2. Create a role in the Liquid UI Server
3. Define the parameters of the role
4. Specify the function group for function modules using existing Remote Enabled SAP Function Modules
5. Assign the role of the RFC user
6. Communicate between two ERP systems through RFC

Let’s dive into the process of creating a Role in Liquid UI.

Follow the below steps to create an RFC user using SU01 and SU02 transactions in SAP. Let’s proceed with an example that illustrates “how to create the necessary user rights for web repository access”. Consider two systems Liquid UI Server & SAP ERP systems, where Liquid UI Server is the source, and SAP ERP is the destination. Here, we are trying to get user details from a function module called BAPI.

Creating the RFC in Liquid UI Server (source)

1. Navigate to the Profiles: Initial screen by entering SU02 in the tcode field, as shown below.
   
    
   
    
2. Click on the To Profile Generator, which navigates to the Role Maintenance screen. Enter the role name, then click the Single Role push button, as depicted in the image below. Here, we have mentioned the role name as LIQUIDUIWEBSERVER.
   
    
   
    
3. Click on the Authorizations tab. Then, the Save the role pop-up will appear click Yes to save the role.
   
    
   
    
4. On the screen that appears, click Change Authorization Data. Then, the Change Role: Authorizations screen will appear with a list of templates. Click Do not select templates, as shown below.
   
    
   
    
5. Now, click the Manually icon in the menu bar. Then, the Manual selection of authorizations pop-up will appear. Enter authorization objects S_RFC, S_USER_GRP, and S_USER_SYS, and then click Enter.
   
    
   
    
6. On the appeared screen, click Open. Click on the change icon (highlighted), as shown in the following image.
   
    
   
    
7. On the appeared Define Values pop-up, select the checkbox and hit Enter. 
   
    
   
    
8. Click on the Name (Whitelist) of the RFC object. Then, the Field values popup will appear. Enter the details, and hit Enter. 
   
    
   
    
9. Click on the Change icon (highlighted), as shown below. Then, the Define Values popup will appear. Mark the FUGR checkbox, and press Enter. 
   
    
   
    
10. Click the Generate button on the toolbar. Then the Generate profile popup will appear. Click Generate to proceed, as shown below.
    
     
    
     
11. On the Assign Profile Name for Generated Authorization Profile popup, press Enter to continue. Then, you'll see the success message Profile(s) created at the bottom of the screen. With this, defining parameters is complete.
    
     
    
     
12. Click Save on the appeared screen, as shown below.
    
     
    
     
13. Now, click the back button, and then the Exit Authorization Maintenance pop-up will appear click on the Generate icon.
    
     
    
     
14. You will be navigated to the Change Roles screen, where you can see the Role name and message at the bottom of the screen as Profile(s) created.
    
     
    
     

With this, profile creation comes to an end. Now, we have to assign this role (LiquidUISERVER) to the RFC user.

Assigning the Role of LIQUIDUISERVER to the RFCSource.

Follow the below steps to assign the role LIQUIDUIDSERVER to the user (RFCSource).

1. Navigate to the SU01 transaction, and enter the user as RFCSource; click Create, and you will be navigated to the Maintenance Users screen, and enter the Last name as LUI RFC User.
   
    
   
    
2. Navigate to the Logon data tab, enter the password, and set the User Type as Communications Data.
    
   
    
3. In the appeared screen, click the Roles tab to add the role created.
    
   
    
4. Now, click the Profiles tab, as shown in the following image.
    
   
    
5. Then, a window appears with the created profile LIQUIDUISERVER, as shown in the image below.
    
   
    
6. Now, double-click on the created profile, and verify the authorizations.
    
   
    
7. Click back, and then click Save.
    
   
    
8. Hence, the role LIQUIDUISERVER is successfully assigned to the user RFCSource.