Hi all,
When sending IDOCs from SAP to Business connector, I am getting this message ‘Access Denied’ in my SM58 transaction. I have verified the RFC connection and the logical system definition in distribution model. Everything seems to be right. I have also looked at ACL settings at the BC server level. This used to work perfectly fine until we had to bring down the server and brought it up again.
I would appreciate if someone can shed some light on it.
Roger SAP Adapter checks whether the user on SAP i.e., user executing the RFC that connects to BC exists on the BC. If it does, it creates a session on BC with this user. If not, it will create a session with user ‘SAPUSER’. If the user in SAP exists on BC, make sure it’s in the ‘SAPUsers’ & ‘Administrator’ group, if not create a SAPUSER (uppercase) inside the SAPUsers group. Also check the ACL for wm.PartnerMgr.gateway.transport.ALE:InboundProcess is set as SAPUsers.
If this does not help it could be a SAP permissions issue, turn on the ST01 (system trace) in SAP and track the authorizations. When you see a “1” or “3” beside the authorization object it will show that your sap user lacks authorization and u need to look into it.
I tried the options as you have mentioned. Verified the ACL in the BC too. There was a user SAPUser under SAPUsers group. We added SAPUSER (all caps) under SAPUsers group as you have mentioned. I am still getting the same error in SM58.
When I looked at the error in SAP it is failing in function module IDOC_INBOUND_ASYNCHRONOUS. On further debugging I found that it fails under perform routine function_call in program IDOC_INBOUND_ASYNCHRONOUS====FT. This program is a generated one.
I deleted and re-created by Partner definition, RFC settings. Nothing has helped so far.
PLEASE someone who has encountered this problem, shed some light on it.
-Are all your routing rules created and active?
-Try changing the ACL on the wm.PartnerMgr.xtn:get to SAPUsers.
-Check if you have all ACL settings as described in Appendix A of the webMethods SAP Adapter Security Best Practices 4.6 guide here
[url=“http://advantage.webmethods.com/bookshelf/Security_Best_Practices/SAP_Adapter_4.6_Security_Best_Practices.pdf”]http://advantage.webmethods.com/bookshelf/Security_Best_Practices/SAP_Adapter_4.6_Security_Best_Practices.pdf[/url]
-See if the account used by the SAP gateway through which the RFC connection is made from SAP to webMethods is not locked. This is not the same account as defined on the webMethods adapter
-Try reconfiguring the ACLs automatically, navigate to the <integration>/config directory and open the server.cnf file in a text editor. Delete the watt.sap.aclmap property, then save and close the file. Restart Integration Server. Integration Server will assign the correct ACLs to the SAP services/folders.
if none of this helps, i would suggest creating another instance of IS and configure it to work with your existing SAP system. If new instance works then you might have something corrupt in the old isntance, migrate your stuff over and you should be good to go with new instance.