Use Trust Relationships for Quicker and More Secure RFCs

  • by Susana Messias, SAP CRM Consultant, BBKO Consulting
  • April 15, 2006
Learn the four basic steps involved in setting up a trust relationship between mySAP CRM and R/3, or mySAP ERP Central Component (ECC) 5.0. Also find out how to set up user authorization profiles to enable access to both systems.
Key Concept
When you set up a trust relationship between two systems, you only need one user ID/password combination to access both of the systems. In a trust relationship, the calling system (client system) plays the role of the trusted system, and the called system (server system) plays the role of the trusting system.

Say you wanted to obtain a detailed analysis of documents displayed in a customer fact sheet, a document that summarizes customer information (e.g., credit status, marketing attributes, number of back-orders) from different sources (mySAP CRM, R/3, and BW). In a mySAP CRM system, you may place numerous Remote Function Calls (RFCs) to integrated SAP systems to gather this information.

These RFCs normally require you to log into the system with your personal user name to guarantee the tracing and control of all your actions and to restrict your access to specific transactions. For security reasons, I do not recommend maintaining generic user login data (user ID and password) in an RFC destination, because everyone could use that RFC destination to access the other system’s information and execute any tasks there.

If you frequently access other systems from mySAP CRM, you need a way to guarantee fast and operational calls. Therefore, it’s important to provide a means to execute these calls without requiring a new login or another system’s password. At the same time, you want to ensure the system landscape security and restrict data access according to user authorization profiles. In this case, SAP allows you to create trust relationships between SAP systems. I will describe the trust relationship and explain how it avoids the risks involved with using an RFC destination with a generic user name. My example uses R/3, but you can also use this process with mySAP ERP Central Component (ECC) 5.0.

Susana Messias

Susana Messias has an administration academic background and has been a CRM business consultant since 2002. She has participated in several CRM projects implementing interaction center solutions with sales, service, and marketing functionalities, and she is certified in these solutions.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.