03-01-2010 2:16 PM
Hi All,
How can I check the S_RFC authorization object field values for one RFC user?
I want to check the ACTVT, RFC_NAME, RFC_TYPE field values.
Version: 4.6C
Thanks in advance
03-01-2010 2:38 PM
If the users are with role based authorizations, go to the table AGR_USERS, give the user name, and in the end date field enter > or = the current date; you will get a list of roles. Now go to AGR_1251 and give the list of roles you got from step 1, and in the object give S_RFC; you will get a list of roles that have this object and the values.
For profile based users, you can check in one of the nodes in SUIM - give it a try
03-07-2010 12:42 AM
Hi:
If you are looking to see what S_RFC authorizations a particular user has, you could try going to SU56 to check what S_RFC authorizations are loaded into a specific user's user buffer.
03-07-2010 2:29 PM
On 46C the RFC_NAME can only take the value of the function group name to which the function module to be called belongs.
You can enter names up to 40 characters in the authorization field (SU03, PFCG) however it is truncated at the 16th character of the function group name at runtime.
So what you are actually looking for is:
1) Download the RFC_NAME field values from AGR_1251 to Excel.
2) Use =left(cellnumber; 15) to copy the first 15 characters of the function group name, as the 16th is the wildcard.
3) Select entries from table TFDIR where PNAME = SAPL(4) followed by the 15 characters from AGR_1251, and where FMODE = 'R' (remote enabled).
4) The values in FUNCNAME are the ones which the user ID is authorized to start.
Note that depending on other authorizations and whether the function module checks them without the user being able to remotely turn them off in the call, a different picture with much higher effort involved to secure will develop.
Concentrate on the RFC_NAME and eliminate all TCD entries. It is the easiest and biggest security gain for RFC users.
Cheers,
Julius
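The lookup chain described in the replies above (AGR_USERS, then AGR_1251, then TFDIR), as an added example that is not part of any poster's reply. It works on constructed rows standing in for table exports; the role, user and Z function names are hypothetical, and it assumes single values in LOW with an optional trailing `*` (ranges using HIGH are not handled).

```python
from datetime import date

# Constructed sample rows standing in for table exports; not real system data.
AGR_USERS = [  # (AGR_NAME, UNAME, TO_DAT)
    ("Z_RFC_INTERFACE", "RFCUSER1", date(9999, 12, 31)),
    ("Z_OLD_ROLE", "RFCUSER1", date(2009, 6, 30)),
]
AGR_1251 = [  # (AGR_NAME, OBJECT, FIELD, LOW)
    ("Z_RFC_INTERFACE", "S_RFC", "RFC_NAME", "SYST"),
    ("Z_RFC_INTERFACE", "S_RFC", "RFC_NAME", "Z_SALES_INTERFACE_V2"),
    ("Z_RFC_INTERFACE", "S_RFC", "ACTVT", "16"),
    ("Z_OLD_ROLE", "S_RFC", "RFC_NAME", "*"),
]
TFDIR = [  # (FUNCNAME, PNAME, FMODE)
    ("RFC_SYSTEM_INFO", "SAPLSYST", "R"),
    ("Z_SALES_GET_ORDER", "SAPLZ_SALES_INTERFACE_V2", "R"),
    ("Z_SALES_ADMIN_RESET", "SAPLZ_SALES_INTERFACE_ADMIN", "R"),
    ("Z_SALES_LOCAL_HELPER", "SAPLZ_SALES_INTERFACE_V2", ""),
    ("RFC_READ_TABLE", "SAPLSDTX", "R"),
]
MAX_LEN = 15  # characters compared at runtime per the thread; the 16th acts as wildcard

def active_roles(user, today):
    # Step 1: roles assigned to the user whose end date is >= the current date.
    return {role for role, uname, to_dat in AGR_USERS if uname == user and to_dat >= today}

def rfc_name_patterns(roles):
    pats = set()
    for role, obj, field, low in AGR_1251:
        if role in roles and obj == "S_RFC" and field == "RFC_NAME":
            # Values longer than MAX_LEN, or ending in '*', behave as prefixes.
            prefix = low[:MAX_LEN].rstrip("*")
            wild = len(low) > MAX_LEN or low.endswith("*")
            pats.add((prefix, wild))
    return pats

def callable_function_modules(user, today):
    pats = rfc_name_patterns(active_roles(user, today))
    result = set()
    for funcname, pname, fmode in TFDIR:
        if fmode != "R" or not pname.startswith("SAPL"):
            continue  # only remote-enabled modules in function-group programs
        group = pname[4:]  # strip the SAPL(4) prefix
        if any(group.startswith(p) if wild else group == p for p, wild in pats):
            result.add(funcname)
    return sorted(result)

if __name__ == "__main__":
    print(callable_function_modules("RFCUSER1", date(2010, 3, 7)))
```

In the sample data the 20-character value `Z_SALES_INTERFACE_V2` also resolves to the hypothetical `Z_SALES_INTERFACE_ADMIN` group, because only the first 15 characters are compared.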