04-30-2010 10:44 AM
Could you please help regarding one authorization issue? I want to know the authorization required for one RFC user. This RFC user is used for the RFC connection between the SAP R/3 and SAP APO systems. The user type is dialog and the SAP_ALL profile has been given to this user ID. Now I have to remove SAP_ALL from this user ID in the R/3 and APO systems and provide the required authorization in the R/3 and APO systems.
Regards,
Auroshikha
04-30-2010 11:23 AM
The RFC authorisation depends completely on what the user is doing (ALEREMOTE?). We can't tell you what RFC auths your connection requires.
There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections
04-30-2010 12:24 PM
I have tried to take the system trace for that user ID but did not find anything. How shall I know about the activity of the user?
Edited by: Auroshikha Pattanayak on Apr 30, 2010 1:42 PM
04-30-2010 12:57 PM
You need to speak to your APO team to find out what the user does so you can design an appropriate auth schema.
One thing you could do is switch on the audit log & get it monitoring your APO user over a period of 5-10 days. You can pull out important events like RFC start from there.
04-30-2010 1:46 PM
Hi,
In the audit log I have checked, and this user ID is executing some programs and reports... and there is one SAP note 727839 regarding this authorization issue... If you have some idea how to approach this then let me know.
04-30-2010 2:46 PM
Hi
As I said before, speak to your APO team. The audit log will contain some of the info you need (function groups for your S_RFC auths and programs that you can examine to see what auths are checked in those processes). Your APO team will tell you what functionality is accessed and you can use that info to start identifying the relevant functional auth objects.
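The audit-log approach suggested in the replies above, sketched as an added example that is not part of any post in this thread: it reduces an exported audit log to the function groups one RFC user actually called (candidate S_RFC values) and the reports it started. The pipe-delimited export layout, the message wording, the user name `RFC_DEMO` and all `Z...` names are constructed assumptions; AUK, AUL and AUW are taken to be the audit log message IDs for successful RFC call, failed RFC call and report start.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real system). Assumed export layout:
# date|time|user|message id|message text
SAMPLE_LOG = """\
2010-04-26|02:10:11|RFC_DEMO|AUK|Successful RFC call Z_DEMO_READ_STOCK (function group = ZFG_DEMO_A)
2010-04-26|02:10:12|RFC_DEMO|AUK|Successful RFC call Z_DEMO_SEND_ORDER (function group = ZFG_DEMO_B)
2010-04-27|02:10:11|RFC_DEMO|AUK|Successful RFC call Z_DEMO_READ_STOCK (function group = ZFG_DEMO_A)
2010-04-27|03:00:00|RFC_DEMO|AUW|Report ZDEMO_REPORT started
2010-04-27|03:05:00|OTHERUSER|AUK|Successful RFC call Z_DEMO_X (function group = ZFG_DEMO_C)
2010-04-28|02:10:11|RFC_DEMO|AUL|Failed RFC call Z_DEMO_ADMIN (function group = ZFG_DEMO_D)
"""

RFC_RE = re.compile(r"RFC call (\S+) \(function group = (\S+)\)", re.I)
REPORT_RE = re.compile(r"Report (\S+) started", re.I)


def summarize(log_text, user):
    """Return (called groups, failed groups, reports) for one user.

    The two group mappings go from function group to the set of function
    modules seen in it, so the APO team can confirm each one is expected.
    """
    groups, failed, reports = defaultdict(set), defaultdict(set), set()
    for line in log_text.splitlines():
        parts = line.split("|", 4)
        if len(parts) != 5 or parts[2] != user:
            continue  # malformed line or another user's event
        msg_id, text = parts[3], parts[4]
        rfc = RFC_RE.search(text)
        if rfc and msg_id in ("AUK", "AUL"):
            target = groups if msg_id == "AUK" else failed
            target[rfc.group(2)].add(rfc.group(1))
        rep = REPORT_RE.search(text)
        if rep and msg_id == "AUW":
            reports.add(rep.group(1))
    return groups, failed, reports


def s_rfc_candidates(groups):
    """One candidate S_RFC entry per function group, execute (16) only."""
    return [{"RFC_TYPE": "FUGR", "RFC_NAME": g, "ACTVT": "16"} for g in sorted(groups)]


if __name__ == "__main__":
    ok, failed, reports = summarize(SAMPLE_LOG, "RFC_DEMO")
    for row in s_rfc_candidates(ok):
        print(row)
    print("failed calls to review:", dict(failed))
    print("reports to examine for auth checks:", sorted(reports))
```

The result is only a starting list for S_RFC: the reports it names still have to be examined for the functional authorization objects they check, and anything the interface did not run during the monitoring window will be missing.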
05-01-2010 10:15 AM