Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No RFC authorization for function group SYST. Which Authorization object ??

Go to solution
Former Member

‎12-16-2010 1:42 PM

0 Kudos

Hi,

In a RFC Connection, i get this error when i perform the Authorization Test - No RFC authorization for function group SYST.

I asked an experienced colleague and he said to add a particular Role which contains the authorization object "S_RFCACL" . The problem was resolved by his tip.

Now i have 2 questions -

1. How to find the correct authorization object for a particular function group?

2. How to find the authorization objects present in some Role? Please describe step by step.

Many thanks,

Mohan.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎12-16-2010 2:17 PM

0 Kudos

What you can do, is create a new profile in PFCG and add object S_RFCACL to it. This can be assigned to the RFC user.

You can also use role SAP_S_RFCACL

Kind regards,

Mark

6 REPLIES 6

Go to solution
Former Member

‎12-16-2010 2:17 PM

0 Kudos

What you can do, is create a new profile in PFCG and add object S_RFCACL to it. This can be assigned to the RFC user.

You can also use role SAP_S_RFCACL

Kind regards,

Mark

Go to solution
Former Member
In response to Former Member

‎12-16-2010 3:51 PM

0 Kudos

Hi Marc,

Thanks for your quick reply but as i said, the issue is resolved already, my general questions (for learning purpose)were -

1. How to find the correct authorization object for a particular function group?

2. How to find the authorization objects present in some Role? Please describe step by step.

Regards,

Mohan.

Go to solution
Former Member
In response to Former Member

‎12-16-2010 4:31 PM

0 Kudos

When you get authorization error same time you can execute /nsu53 tcode or from menu system --> utilities --> display authorization check.

Use SUIM tocde to find objects in roles.

I suggest for your knowledge you must follow help.sap.com/saphelp_nw70ehp1/helpdata/en/52/671126439b11d1896f0000e8322d00/frameset.htm

Go to solution
Former Member
In response to Former Member

‎12-17-2010 9:12 AM

0 Kudos

Hi Sunil,

Thanks for the answers, my questions are answered. Points awarded.

i have one more posting in the area of Solution manager, may be you know the solution:

Again many thanks,

Mohan.

Go to solution
Former Member

‎12-16-2010 9:51 PM

0 Kudos

Your colleague's tip only made the symptom go away...

The "authorization test" calls a function module in S_RFC auth object function group SYST. This is needed to start the session_manager (blank screen with push button for "SAP Easy Access Menu".

When you assign S_RFCACL auth object for trusted RFC, the successfull check result will suppress the subsequent authorization check on S_RFC (at least, that is what it does by default).

It is like giving S_BTCH_ADM authorization so that S_BTCH_JOB does not matter anymore.

An RFC connection however does not necessarily need nor should have access to the session_manager necessarily. In the case of trusted RFC this is particularly true, as only the connection test makes sense in SM59... the authorization test is in the RFC capable application itself.

Unfortunately for you, you have to read the documentation on this and test it a bit - there is no medication agaist making mistakes in this area of SAP security...

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎12-17-2010 9:13 AM

0 Kudos

Hi Julius,

Thanks for the detailed information. I will look into the help.sap.com documentation.

Regards,

Mohan.