Dear all,
If I am informed correctly the SAP NetWeaver Gateway should be installed on a different machine than the SAP backend - especially in a production environment. Please correct me if I am wrong.
I am trying to further my knowledge related to user management for the SAP NetWeaver Gateway if it is installed on a different machine than the backend. For example we have implemented a customer report on the SAP backend, we have set up authorizations for that report in the backend. The user management which includes an authorization concept is implemented in the SAP backend.
In the Netweaver Gateway we implemented several services around that report. These services call the backend via a RFC user.
Now we are facing a simple problem:
- An end user wants to use the SAP UI 5 app which calls the exposed Gateway services
- The end user is faced a dialog to enter his credentials
- The end user cannot enter valid credentials as he only has credentials for the backend system
=> Does this mean we have to somehow duplicate the user management? I found some SAP help documents indicating that this is the way to go. Can we automate the user management in that way that the user management of the backend is also distributed to the gateway?
I think we can solve the problem regarding the authentication by duplicating user - names. And this could also be done manually. But solving the problem that an user is only authorized for specific objects seems to be more difficult. Given the user can authenticate to the Gateway: The Gateway will call the backend with the RFC user. The RFC user has totally different access rights to authorization objects than the end user. How can we solve this problem?
Best Regards,
Rene