CN103778357A - Method for controlling RFC (remote function call) authority between SAP (systems, applications and products in data processing) systems - Google Patents


Publication number
CN103778357A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410026510.6A
Other languages
Chinese (zh)
Other versions
CN103778357B (en)
Inventor
潘留兴
陈刚
冯曙明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Jiangsu Electric Power Information Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Jiangsu Electric Power Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Jiangsu Electric Power Information Technology Co Ltd filed Critical State Grid Corp of China SGCC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system

Abstract

The invention discloses a method for controlling RFC (remote function call) authorization between SAP (systems, applications and products in data processing) systems. The method uses a user-switching function module and a background job program to switch the user under which the RFC executes, and parameters are transferred through a transparent table. The advantage is that other systems can connect as a communication user when calling the RFC while the business authorization of the system user is still checked, which ensures the security of the account information of SAP system users.

Description

A method for solving authorization control of RFC calls between SAP systems
Technical field
The present invention relates to SAP systems, and specifically to a method for solving authorization control of RFC calls between SAP systems.
Background
When another system calls an RFC (Remote Function Call) in an SAP system, it generally connects through a communication user dedicated to the company and then processes business data; the logic in the RFC is therefore controlled by the authorizations of the communication user. A communication user generally has no business authorizations. As a result, authorization checks cannot be performed when writing the RFC logic: as soon as an authorization check is performed, the business operation is rejected because the executing user is the communication user. The existing solution is to use an SAP system user directly as the connection user for RFC operations. Its drawback is that the security of the SAP system user's account information is threatened, and it hampers the overall management of RFC calls.
Summary of the invention
To overcome the problems of the prior art, the object of the present invention is to provide a method for solving authorization control of RFC calls between SAP systems. With this method, another system can connect through a communication user when calling an RFC while the business authorization check is performed for the system user, which ensures the security of the SAP system user's account information.
The object of the invention is achieved through the following technical solution:
A method for solving authorization control of RFC calls between SAP systems, characterized in that the method uses a user-switching function module and a background job program to switch the user under which the RFC executes, and passes parameters through a transparent table. The specific steps are as follows:
1) The RFC function includes a USER parameter, which is optional; other systems pass this parameter when calling the RFC. Global field-symbol parameters are defined in the RFC function, and at start-up the defined field symbols are pointed at the parameters of the RFC function. The field-symbol parameters are used to receive the results of the execution performed after the user switch;
2) Write a simple logical test at the beginning of the RFC as follows:
IF USER IS NOT INITIAL.
  " execute the user-switching function module
ELSE.
  " execute the RFC business logic
ENDIF.
If the USER parameter passed in is not empty, the user-switching function module is executed; otherwise the RFC's own logic is executed;
When another system calls the RFC, USER is not empty because of the constraint in step 1, so the user-switching function module is executed. After the user-switching function module empties USER, the RFC is executed again through the job, and this time the business logic of the RFC is actually executed;
3) The input parameters of the user-switching function module include:
A. USER, the name of the system user for the authorization check; the RFC performs the authorization check against this user rather than against the connection user;
B. FM_NAME, the name of the RFC, used to obtain the parameters of the RFC;
C. FM_ID, the unique identifier of the RFC, used to obtain the parameters of the RFC;
4) In the user-switching function module, obtain the parameters of the current RFC through 'FUNCTION_IMPORT_INTERFACE', and obtain a number through 'NUMBER_GET_NEXT' that is used to store the transfer information of the variables. Use the following syntax to obtain the RFC variable values stored in the global field symbols:
" build the name of the global field symbol: (SAPL<FG_NAME>)<FM_ID_PARAMETER>
CONCATENATE '(SAPL' FG_NAME ')<' FM_ID '_' IM_TAB-PARAMETER '>' INTO STR.
CONDENSE STR NO-GAPS.
ASSIGN (STR) TO <I_DATA>.
<I_DATA> is a variable defined in the user-switching function module, so the variable values in the global field symbols are fetched into <I_DATA>. After the values of all RFC variables have been obtained, they are all EXPORTed to the transparent table for the subsequent job program to retrieve;
5) In the user-switching function module, call the functions 'GUID_CREATE' and 'JOB_OPEN' to open a background job, and submit a background program, passing in FM_NAME and the number created in step 4). Because a job is executed as a designated user, this background program is started as the system user USER, which realizes the user switch;
SUBMIT ZP001_HR_RFC_AUTH USING SELECTION-SCREEN '1000' WITH FM = FM_NAME WITH NRG = NUM USER USER VIA JOB NAME NUMBER NUMBER.
6) In the user-switching function module, call 'JOB_CLOSE' to execute the background job submitted in step 5), and monitor the state of the background job through 'BP_JOB_STATUS_GET'; exit monitoring when the state equals F or A;
7) Using the reverse of the method in step 4), IMPORT the result parameters of the background job submitted in step 5) and pass them into the variables of the global field symbols. In this way, the RFC parameters are EXPORTed to and IMPORTed from the transparent table, and the background job is executed as the system user, which realizes the authorization check of the RFC.
2. The method for solving authorization control of RFC calls between SAP systems according to claim 1, characterized in that in step 5) the selection parameters of the submitted background program include:
A. FM_NAME, the name of the RFC, used to start this function dynamically;
B. NRG, the number generated in step 4), used to read the parameters of the RFC;
The logic of the background program is to read the transparent table with IMPORT to obtain the parameters previously stored in the DB table, then execute the RFC, then EXPORT the execution result to the transparent table so that step 7) can IMPORT the program's execution result, and return.
In the present invention, when another system calls the RFC, it passes the name of the system user to be authorization-checked to the RFC as a parameter. The authorization-switching function module dynamically obtains the input, output and exception parameters of the FUNCTION. Then, based on SAP's background execution mechanism, a job is started with the passed-in system user name and re-executes the RFC, so that the authorization check is performed as the system user. The job result is then passed to the RFC caller through memory variables.
The present invention can designate a particular user under which to execute the RFC call, so that another system can connect through a communication user when calling the RFC, which solves the problem that the RFC connection user has no business authorization. It can also perform the business authorization check for the system user, ensuring the security of the SAP system user's account information.
Brief description of the drawings
Fig. 1 is a flowchart of the RFC in the present invention.
Fig. 2 is a flowchart of the user-switching function module in the present invention.
Fig. 3 is a flowchart of the job program in the present invention.
Embodiment
The technical terms used in the present invention are explained as follows:
Authorization: reading any data content requires that the current user hold the corresponding authorization. Without it, reading the data content fails.
JOB: a process concept in the SAP system. It is an independent process that runs on its own and does not depend on the user's foreground operation.
Asynchronous: a newly started program process that does not depend on the main process.
SAP: a kind of enterprise resource planning software.
A method for solving authorization control of RFC calls between SAP systems: the method uses a user-switching function module and a background job program to switch the user under which the RFC executes, and passes parameters through a transparent table. The specific steps are as follows:
1) The RFC function must include a USER parameter, which is optional, but other systems must pass this parameter when calling the RFC. Global field-symbol parameters are defined in the main program of the RFC function. At program start, the defined field symbols are pointed at the parameters of the RFC function. The field-symbol parameters are used to receive the results of the execution performed after the user switch.
2) Write a simple logical test at the beginning of the RFC as follows:
IF USER IS NOT INITIAL.
  " execute the user-switching function module
ELSE.
  " execute the RFC business logic
ENDIF.
If the USER parameter passed in is not empty, the user-switching function module is executed; otherwise the RFC's own logic is executed.
When another system calls the RFC, USER is not empty because of the constraint in step 1, so the user-switching function module is executed. After the user-switching function module empties USER, the RFC is executed again through the job, and at that point the business logic of the RFC is actually executed.
3) The input parameters of the user-switching function module include:
A. USER, the name of the system user for the authorization check; the RFC performs the authorization check against this user rather than against the connection user.
B. FM_NAME, the name of the RFC, used to obtain the parameters of the RFC.
C. FM_ID, the unique identifier of the RFC, used to obtain the parameters of the RFC.
4) In the user-switching function module, obtain the parameters of the current RFC through 'FUNCTION_IMPORT_INTERFACE', and obtain a number through 'NUMBER_GET_NEXT' that is used to store the transfer information of the variables. Use the following syntax to obtain the RFC variable values stored in the global field symbols:
" build the name of the global field symbol: (SAPL<FG_NAME>)<FM_ID_PARAMETER>
CONCATENATE '(SAPL' FG_NAME ')<' FM_ID '_' IM_TAB-PARAMETER '>' INTO STR.
CONDENSE STR NO-GAPS.
ASSIGN (STR) TO <I_DATA>.
<I_DATA> is a variable defined in the user-switching function module, so the variable values in the global field symbols can be fetched into <I_DATA>. After the values of all RFC variables have been obtained, they are all EXPORTed to the transparent table for the subsequent job program to retrieve.
5) In the user-switching function module, call the functions 'GUID_CREATE' and 'JOB_OPEN' to open a background job, and submit a background program, passing in FM_NAME and the number created in the fourth step. Because a job can be executed as a designated user, this background program is started as the system user USER, which achieves the user switch.
SUBMIT ZP001_HR_RFC_AUTH USING SELECTION-SCREEN '1000' WITH FM = FM_NAME WITH NRG = NUM USER USER VIA JOB NAME NUMBER NUMBER.
The selection parameters of the submitted background program include:
A. FM_NAME, the name of the RFC, used to start this function dynamically.
B. NRG, the number generated in the fourth step, used to read the parameters of the RFC.
The logic of the background program is to read the transparent table with IMPORT to obtain the parameters previously stored in the DB table, then execute the RFC, then EXPORT the execution result to the transparent table so that the seventh step can IMPORT the program's execution result, and return.
6) In the user-switching function module, call 'JOB_CLOSE' to execute the background job submitted in the fifth step, and monitor the state of the background job through 'BP_JOB_STATUS_GET'; exit monitoring when the state equals F or A.
7) Using the reverse of the method in the fourth step, IMPORT the result parameters of the background job submitted in the fifth step and pass them into the variables of the global field symbols.
In this way, the RFC parameters are EXPORTed to and IMPORTed from the transparent table, and the background job is executed as the system user, which realizes the authorization-check function of the RFC.
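The seven steps above, modelled end to end as an added example (Python, not ABAP and not code from the patent): the external system connects as a communication user, the job re-runs the RFC as USER, and the authorization check lands on USER. The user names, the HR_DISPLAY authorization and Z_RFC_READ_RECORD are constructed for illustration, and reporting an aborted job to the caller as a denial is an assumption.

```python
# Constructed model of the flow above; user names, the authorization name and
# the function name are made up. Not ABAP and not code from the patent.
import itertools

AUTHORIZATIONS = {                 # constructed sample data
    "RFC_COMM": set(),             # communication user: may connect, no business rights
    "ZHANG": {"HR_DISPLAY"},       # system user holding the business authorization
    "LI": set(),                   # system user without it
}
TRANSPARENT_TABLE = {}             # stands in for the transparent table
_next_number = itertools.count(1)  # stands in for NUMBER_GET_NEXT


class NotAuthorized(Exception):
    """Raised when the executing user fails the authorization check."""


def rfc_read_record(executing_user, record, user=""):
    """The RFC. executing_user is the identity the work process runs under."""
    if user:                                           # IF USER IS NOT INITIAL.
        return switch_user(user, "Z_RFC_READ_RECORD", {"record": record})
    # ELSE branch: business logic, checked against the executing user.
    if "HR_DISPLAY" not in AUTHORIZATIONS[executing_user]:
        raise NotAuthorized(executing_user)
    return {"record": record, "checked_as": executing_user}


RFC_BY_NAME = {"Z_RFC_READ_RECORD": rfc_read_record}   # dynamic start by FM_NAME


def background_program(job_user, fm_name, number):
    """Role of the submitted report: IMPORT, run the RFC as job_user, EXPORT."""
    params = TRANSPARENT_TABLE.pop((number, "IN"))
    try:
        # USER is left empty, so the RFC takes its ELSE branch under job_user.
        result = RFC_BY_NAME[fm_name](job_user, user="", **params)
    except NotAuthorized:
        return "A"                                     # job state: aborted
    TRANSPARENT_TABLE[(number, "OUT")] = result
    return "F"                                         # job state: finished


def switch_user(user, fm_name, params):
    """Role of the user-switching function module (steps 4 to 7)."""
    number = next(_next_number)
    TRANSPARENT_TABLE[(number, "IN")] = dict(params)   # EXPORT the RFC parameters
    # The real job is asynchronous and polled until its state is F or A;
    # the model runs it inline and gets the final state back directly.
    state = background_program(user, fm_name, number)
    if state == "A":
        # Assumption: an aborted job is reported to the caller as a denial.
        raise NotAuthorized(user)
    return TRANSPARENT_TABLE.pop((number, "OUT"))      # IMPORT the result


def call_as_communication_user(record, user=""):
    """An external system calling the RFC over the communication-user connection."""
    try:
        return rfc_read_record("RFC_COMM", record, user=user)
    except NotAuthorized as exc:
        return f"denied for {exc}"


if __name__ == "__main__":
    print(call_as_communication_user("0001", user="ZHANG"))
    print(call_as_communication_user("0001", user="LI"))
    print(call_as_communication_user("0001"))
```

As in the described method, USER is whatever the caller passes and the flow itself does not authenticate it, so access to the communication-user connection decides who can request execution under a given system user. In SAP, scheduling a job under another user name is itself subject to the authorization object S_BTCH_NAM.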

Claims (2)

1. A method for solving authorization control of RFC calls between SAP systems, characterized in that the method uses a user-switching function module and a background job program to switch the user under which the RFC executes, and passes parameters through a transparent table; the specific steps are as follows:
1) The RFC function includes a USER parameter, which is optional; other systems pass this parameter when calling the RFC; global field-symbol parameters are defined in the RFC function; at start-up the defined field symbols are pointed at the parameters of the RFC function; the field-symbol parameters are used to receive the results of the execution performed after the user switch;
2) Write a simple logical test at the beginning of the RFC as follows:
IF USER IS NOT INITIAL.
  " execute the user-switching function module
ELSE.
  " execute the RFC business logic
ENDIF.
If the USER parameter passed in is not empty, the user-switching function module is executed; otherwise the RFC's own logic is executed;
When another system calls the RFC, USER is not empty because of the constraint in step 1, so the user-switching function module is executed; after the user-switching function module empties USER, the RFC is executed again through the job, and the business logic of the RFC is actually executed;
3) The input parameters of the user-switching function module include:
A. USER, the name of the system user for the authorization check; the RFC performs the authorization check against this user rather than against the connection user;
B. FM_NAME, the name of the RFC, used to obtain the parameters of the RFC;
C. FM_ID, the unique identifier of the RFC, used to obtain the parameters of the RFC;
4) In the user-switching function module, obtain the parameters of the current RFC through 'FUNCTION_IMPORT_INTERFACE', and obtain a number through 'NUMBER_GET_NEXT' that is used to store the transfer information of the variables; use the following syntax to obtain the RFC variable values stored in the global field symbols:
CONCATENATE '(SAPL' FG_NAME ')<' FM_ID '_' IM_TAB-PARAMETER '>' INTO STR.
CONDENSE STR NO-GAPS.
ASSIGN (STR) TO <I_DATA>.
<I_DATA> is a variable defined in the user-switching function module, so the variable values in the global field symbols are fetched into <I_DATA>; after the values of all RFC variables have been obtained, they are all EXPORTed to the transparent table for the subsequent job program to retrieve;
5) In the user-switching function module, call the functions 'GUID_CREATE' and 'JOB_OPEN' to open a background job, and submit a background program, passing in FM_NAME and the number created in step 4); because a job is executed as a designated user, this background program is started as the system user USER, which realizes the user switch;
SUBMIT ZP001_HR_RFC_AUTH USING SELECTION-SCREEN '1000' WITH FM = FM_NAME WITH NRG = NUM USER USER VIA JOB NAME NUMBER NUMBER.
6) In the user-switching function module, call 'JOB_CLOSE' to execute the background job submitted in step 5), and monitor the state of the background job through 'BP_JOB_STATUS_GET'; exit monitoring when the state equals F or A;
7) Using the reverse of the method in step 4), IMPORT the result parameters of the background job submitted in step 5) and pass them into the variables of the global field symbols; in this way, the RFC parameters are EXPORTed to and IMPORTed from the transparent table, and the background job is executed as the system user, which realizes the authorization check of the RFC.
2. The method for solving authorization control of RFC calls between SAP systems according to claim 1, characterized in that in step 5) the selection parameters of the submitted background program include:
A) FM_NAME, the name of the RFC, used to start this function dynamically;
B) NRG, the number generated in step 4), used to read the parameters of the RFC;
The logic of the background program is to read the transparent table with IMPORT to obtain the parameters previously stored in the DB table, then execute the RFC, then EXPORT the execution result to the transparent table so that step 7) can IMPORT the program's execution result, and return.
CN201410026510.6A 2014-01-21 2014-01-21 A method for solving authorization control of RFC calls between SAP systems Active CN103778357B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410026510.6A CN103778357B (en) 2014-01-21 2014-01-21 A method for solving authorization control of RFC calls between SAP systems

Publications (2)

Publication Number Publication Date
CN103778357A true CN103778357A (en) 2014-05-07
CN103778357B CN103778357B (en) 2016-08-17

Family

ID=50570585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410026510.6A Active CN103778357B (en) 2014-01-21 2014-01-21 A method for solving authorization control of RFC calls between SAP systems

Country Status (1)

Country Link
CN (1) CN103778357B (en)

Also Published As

Publication number Publication date
CN103778357B (en) 2016-08-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant