Overview
Bravura Security Fabric uses the RFC mechanism in the SAP client GUI to invoke built-in functions on the SAP server. SAP versions 4.5 or higher include all of the remote function calls (RFCs) required by Bravura Security Fabric to manage accounts and/or passwords on the system. No new functions, and in fact no new software at all, are installed on the SAP server.
Ensure that these functions are all available for the target administrator credential in order for the connector operations to be successful and that they are configured as listed in Configuring a target system administrator. Contact Bravura Security support if your SAP administrator would like to reduce access for the target administrator credential.
Note that earlier versions of SAP may not include all of the required RFCs or operations. If you have an earlier version of SAP, contact Bravura Security support for assistance.
Bravura Security Fabric uses the following calls to carry out connector operations:
BAPI_USER_GET_DETAIL
BAPI_USER_CREATE
BAPI_USER_ACTGROUPS_ASSIGN
BAPI_USER_PROFILES_ASSIGN
BAPI_USER_CHANGE
BAPI_USER_LOCK
BAPI_USER_UNLOCK
BAPI_USER_DELETE
BAPI_USER_GETLIST
RFC_GET_TABLE_ENTRIES
BAPI_HELPVALUES_GET
Note that RFC_GET_TABLE_ENTRIES does not function correctly on systems that have applied the Unicode patch. On newer Unicode systems, most of the functionality provided by RFC_GET_TABLE_ENTRIES can be replaced by:
BAPI_USER_GET_DETAILS
BAPI_USER_CHANGE
BAPI_USER_GETLIST
Not all functionality can be replaced by these function calls, missing functionality includes: user status and last login date.
RFC_GET_TABLE_ENTRIES return 2 and RFC_EXCEPTION: INTERNAL_ERROR errors indicate incorrect use of this function.
The following subsections detail the RFC functions used to implement some Bravura Security Fabric functions: