Troubleshooting
Password fails
If a password reset fails:
Verify that the PSYNCH_USER role has been configured correctly.
Assign the PSYNCH_USER role manually to a test account and then perform a password reset from Bravura Security Fabric for that user.
Check that the RFC rights SUSO and SYST have been granted to the PSYNCH_USER role.
User cannot be added to a group
If a user cannot be added to a group, ensure that the SAP target administrator credential has the S_USER_AGR authorization configured in the SAP system being targeted as well as in CUA if used.
Testing connectivity issues when running auto-discovery
If you encounter issues listing users:
Set the target system address parameter for Engage RFC trace logging to 3.
A resulting trace log file will be in the following format:
rfc<pid>_<thread>.trc. The location of this log file will be noted by theagtsapnw.execonnector in the Bravura Security Fabric log file.If you see the following in the logs for agtsapnw:
agtsapnw.exe [10836,8956] Warning: RfcInvoke failed [[Error while calling BAPI_USER_GETLIST], RC code [13:R], error detail: [RFC_INVALID_HANDLE: An invalid handle 'RFC_FUNCTION_HANDLE' was passed to the API call]]
In the trace log file you may also see that an exception occurred for something like this:
RfcGetFunctionDesc(BAPI_USER_GETLIST) via handle 2028524486592 (SID=DR1) returned 0000000000000000 2024-03-15 20:24:01.836266 [01388] << RfcGetFunctionDesc returned RFC_ABAP_RUNTIME_FAILURE RFC_ERROR_INFO.key: RFC_NO_AUTHORITY RFC_ERROR_INFO.message: No RFC authorization for function module DDIF_FIELDINFO_GET.
This will indicate that when
RfcGetFunctionDescis called forBAPI_USER_GETLIST, that the SAP administrative user does not have the RFC authorization for the function module DDIF_FIELDINFO_GET.