cancel
Showing results for 
Search instead for 
Did you mean: 

RFC roles - auth/rfc_authority_check

Former Member
0 Kudos

Hello,

Recently I have changed auth/rfc_authority_check to value 9.


Value "9" -> Technical RFC check active, also in case of single sign-on procedure and for function group SRFC. Since the authority check is then also performed for function modules RFC_PING, RFC_SYSTEM_INFO and all other function modules contained in function group SRFC, the user profiles of all involved users must be checked/updated before using this option.


Anyway, I created a backup role  where it has been added SRFC function group in the S_RFC function object.


As expected, I am getting the dump:


Category Installation Errors

Runtime Errors         RFC_NO_AUTHORITY

Date and Time          19.02.2014 12:20:42

..............


The RFC authorization object is S_RFC.


I added the role to one user, and it did not generate any dumps afterwards.

Now, I would like to know how can I add this role to all users that can generate an RFC ( system, dialog users, all )


How can I check all the users that can erect an RFC and add this role ?


Thanks in advance,


Jordan

Accepted Solutions (1)

Accepted Solutions (1)

ACE-SAP
Active Contributor
0 Kudos

Hi

Function group SRFC only contain a small number of technical functions, that are not generating a big security risk.

Not that much to restrict from a user perspective but can be useful if you want to fully secure your system especially from external systems or for technical users.

If you have defined a base role for all users I think it is safe to add the S_RFC object to that role.


Regards

Functions contained in function group SRFC

  • RFC_GET_LOCAL_DESTINATIONS
  • RFC_GET_LOCAL_SERVERS
  • RFC_PING
  • RFC_PUT_CODEPAGE
  • RFC_SYSTEM_INFO
  • SYSTEM_FINISH_ATTACH_GUI
  • SYSTEM_INVISIBLE_GUI
  • SYSTEM_PREPARE_ATTACH_GUI
  • SYSTEM_RFC_VERSION_3_INIT

Answers (1)

Answers (1)

mamartins
Active Contributor
0 Kudos

Hi,

You need to identify the t-codes that you use on your system that can generate an RFC. Then you search the users that have authorization to use that t-codes using this:

MM