10-08-2010 9:35 AM
Hello All,
In our Audit Role user needs Tcode SCU0 for Cross System Viewer, after assigning this Tcode to Role, this Tcode in turn calls SM59 which is a Risk of giving this Tcode.
Is there a way to give SM59 as display access access for SCU0.
Please help with your valuable experiences.
Thanks,
CB
10-08-2010 9:55 AM
10-08-2010 12:44 PM
S_RFC_ADM also cannot be remotely disabled by other calling programs, so it is more reliable than S_TCODE and S_ADMI_FCD checks upfront... also for users who already are on the inside!
Cheers,
Julius
12-09-2010 7:48 AM
Hi,
I agree that S_RFC_ADM can be used to restrict SM59 access to display only. But S_RFC_ADM is available only from ECC 6.0 versions, so how about pre ECC 6.0 versions?
Currently I am on ECC 5.0 where I don't have S_RFC_ADM and SM59 program has a authority check for S_ADMI_FCD=NADM hardcoded in it which makes it impossible to make SM59 just display.
Someone suggested using tcode- RSRFCCHK for displaying the RFC destinations and Execute connection tests but unfortunately this tcode skips SM59 initial screen and calls SM59 internally. In addition to that once the destinations are displayed, and you double click any, it takes you to the SM59 screen with full access to create, change and delete!!!
Am I missing on something? Please advice
Thanks
Sandipan
12-09-2010 6:16 PM
There exist a very old report RSRSDEST which shows the RFC Destinations whichout checking for change-authorizations.
In addition you can use SE16 for table RFCDES (or view V_RFCDES) to view RFC destinations.
On the other hand, report RSRFCCHK is save: This report performs exactly the same authorization checks like transaction SM59, therefore it is ok if you can navigatio into trnsaction SM59.
Kind regards
Frank Buchholz
08-18-2012 1:50 AM
Hello Frank,
I know that this is an old post but I need to confirm that there's no way to use the object S_RFC_ADM in old systems (4.6 or 6.40) in order to grant display authorization for SM59. I mean, there's no SAP standard note/correction available for these systems to change the source code and "import" the corresponding authorization object.
Could you please confirm this?
Thanks in advance.
Diego.
10-08-2010 5:22 PM