As of SAP Release 4.0 you can also use synchronous interfaces in ALE distribution scenarios.
These interfaces may either be BAPIs or dialog methods. In both cases an object method from the BOR is defined as an API method and implemented by an RFC-enabled function module. This function module is then called by synchronous RFC.
You can specify different RFC destinations for different synchronous method calls.
To ensure compatibility with earlier releases, the standard RFC destination for BAPI calls is also used for calling the following RFC-enabled function modules that are not assigned to an object method in the BOR.
You can assign RFC destinations for synchronous method calls in ALE Customizing:
IDoc Interface/Application Link Enabling (ALE)
Specify RFC Destinations for Method Calls
You can define the following types of RFC destinations:
? The standard RFC destination for BAPI calls uses a fixed user ID of type CPIC in the server system and is only available through the authorizations to carry out BAPI calls via ALE. The necessary authorizations for this are non-critical. Unauthorized access with this user ID is not possible.
? The standard RFC destination for dialog calls uses a fixed user ID of type DIALOG in the server system and is only available through the authorizations that carry out dialog calls via ALE. The necessary authorizations for this are non-critical. Unauthorized access with this user ID is not possible.
For special methods (BAPIs or dialog methods), which must be protected from unauthorized access, a new RFC destination is created on the client system.
The client system must be specified as a trusted system on the server system (see remote communications, Trusted Systems: Trust Relationships Between SAP Systems).
No user ID nor password is specified in this RFC destination. This RFC destination is assigned to the methods to be protected. The current user ID in the client system is used to logon to the server system. The method can only be called if the user has authorization for it (authorization object S_RFCACL).
In some cases a different assignment may be required.
The ALE scenario comprises two systems:
There are 200 on-line users in the AC system, among them, one with the user ID CEO.
The AC system is to call some methods synchronously in the HR system.
Only the user CEO is to be authorized to make the remote call to the method Document.Display in the HR system.
There is only one on-line user on the HR system, among them, one with the user ID CEO.
The following methods are to be called on the AC system:
0 Document.ReadInfo (synchronous BAPI, called through RFC)
0 Document.Check (synchronous BAPI, called through RFC)
0 Document.Display (dialog method, called via RFC by the CEO user only)
In addition to the CEO user, an ALE_AC user is created in the HR system.
ALE_AC is of type CPIC, it is not a dialog user. Users of type CPIC cannot usually start dialog transactions. ALE_AC only receives the authorizations that enable the remote call to the methods Document.ReadInfo and Document.Check.
The profile parameter auth/rfc_authority_check for the RFC authorization check is set in both systems. An authorization check is carried out on the function group of the function module called (authorization object S_RFC).
? HR system:
The AC system is set up as the trusted system in the HR system.
The data provided by the trusted system is checked for system name, client, user name, and other optional data. These data must match the field values of authorization object S_RFCACL.
? AC system:
Two RFC destinations are created on the AC system both with the same application server in the HR system.
The user ID ALE_AC and a password are defined for these destinations.
No user ID is assigned to this destination.
HR_DOC is specified as the standard destination for synchronous BAPI calls from the HR system.
The RFC destination HR_BLANK is specified for calling the HR system method Document.Display.
This procedure produces the following results:
? A well-protected HR receiving system.
? The password of user CEO is not transferred.
? No unnecessary on-line users in the HR system.
? As no standard RFC destination is specified for dialog calls, Document.Display is the only method that can be called from the AC system.
? When a release is upgraded, methods cannot be unintentionally called in the HR system. The user authorizations in the HR system prevent this.
? With asynchronous BAPI calls, the RFC destination in the partner profile is specified for the associated message type.