RFC Destinations for Synchronous Method Calls

Use

As of SAP Release 4.0 you can also use synchronous interfaces in ALE distribution scenarios.

These interfaces may either be BAPIs or dialog methods. In both cases an object method from the BOR is defined as an API method and implemented by an RFC-enabled function module. This function module is then called by synchronous RFC.

You can specify different RFC destinations for different synchronous method calls.

To ensure compatibility with earlier releases, the standard RFC destination for BAPI calls is also used for calling the following RFC-enabled function modules that are not assigned to an object method in the BOR.

?      COHR_ORDER_CONF_MAINTAIN_RFC

?      COHR_ORDER_CONF_GET_RFC

?      COHR_ORDER_CONF_DETAILS_RFC

?      RP_REMITTANCE_ACKNOWLEDGEMENT

?      HRTIM_AA_DOC_SHOW

Procedure

You can assign RFC destinations for synchronous method calls in ALE Customizing:

Application Server
  IDoc Interface/Application Link Enabling (ALE)
     Communication
         Specify RFC Destinations for Method Calls

You can define the following types of RFC destinations:

?     The standard RFC destination for BAPI calls uses a fixed user ID of type CPIC in the server system and is only available through the authorizations to carry out BAPI calls via ALE. The necessary authorizations for this are non-critical. Unauthorized access with this user ID is not possible.

?     The standard RFC destination for dialog calls uses a fixed user ID of type DIALOG in the server system and is only available through the authorizations that carry out dialog calls via ALE. The necessary authorizations for this are non-critical. Unauthorized access with this user ID is not possible.

For further information on dialog methods see Integration of Dialog Interfaces in ALE Programming.

For special methods (BAPIs or dialog methods), which must be protected from unauthorized access, a new RFC destination is created on the client system.
The client system must be specified as a trusted system on the server system (see remote communications, Trusted Systems: Trust Relationships Between SAP Systems).
No user ID nor password is specified in this RFC destination. This RFC destination is assigned to the methods to be protected. The current user ID in the client system is used to logon to the server system. The method can only be called if the user has authorization for it (authorization object S_RFCACL).

In some cases a different assignment may be required.

Example

The ALE scenario comprises two systems:

?     AC

There are 200 on-line users in the AC system, among them, one with the user ID CEO.

The AC system is to call some methods synchronously in the HR system.

Only the user CEO is to be authorized to make the remote call to the method Document.Display in the HR system.

?     HR

There is only one on-line user on the HR system, among them, one with the user ID CEO.

The following methods are to be called on the AC system:

0     Document.ReadInfo (synchronous BAPI, called through RFC)

0     Document.Check (synchronous BAPI, called through RFC)

0     Document.Display (dialog method, called via RFC by the CEO user only)

User Master Records

In addition to the CEO user, an ALE_AC user is created in the HR system.

ALE_AC is of type CPIC, it is not a dialog user. Users of type CPIC cannot usually start dialog transactions. ALE_AC only receives the authorizations that enable the remote call to the methods Document.ReadInfo and Document.Check.

RFC Destinations

The profile parameter auth/rfc_authority_check for the RFC authorization check is set in both systems. An authorization check is carried out on the function group of the function module called (authorization object S_RFC).

?     HR system:

The AC system is set up as the trusted system in the HR system.

The data provided by the trusted system is checked for system name, client, user name, and other optional data. These data must match the field values of authorization object S_RFCACL.

?     AC system:

Two RFC destinations are created on the AC system both with the same application server in the HR system.

0     HR_DOC

The user ID ALE_AC and a password are defined for these destinations.

0     HR_BLANK

No user ID is assigned to this destination.

RFC Destinations for Methods

HR_DOC is specified as the standard destination for synchronous BAPI calls from the HR system.

The RFC destination HR_BLANK is specified for calling the HR system method Document.Display.

Result

This procedure produces the following results:

?     A well-protected HR receiving system.

?     The password of user CEO is not transferred.

?     No unnecessary on-line users in the HR system.

?     As no standard RFC destination is specified for dialog calls, Document.Display is the only method that can be called from the AC system.

?     When a release is upgraded, methods cannot be unintentionally called in the HR system. The user authorizations in the HR system prevent this.

More Information

?     With asynchronous BAPI calls, the RFC destination in the partner profile is specified for the associated message type.

?     For information on trusted systems and assigning destinations see the documentation Remote Communications.

Maintaining Remote Destinations

Trusted System: Trust Relationships Between SAP Systems