Skip to Content
avatar image
Former Member

Restrict RFC Connector in GRC

Hi Gurus,

We are currently working on a GRC10 implementation where we have some concerns with the access the RFC connector from GRC to ECC might have to sensitive information (particularly access to sensitive HR tables).  Is there a way to restrict via security the RFC ID's ability to access certain tables/information in ECC?  My understanding is that RFC connectors need to have SAP_ALL or automated business rules won't execute properly.  Is this correct?  Or can they be restricted.

Appreciate your thoughts and feedback! 

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jan 20, 2014 at 04:30 PM

    Hello Taylor,

    RFC user id that is used to connect backend systems should never have SAP_ALL.

    with that said, here are some authorizations that you can consider for the id that is used to communicate with the backend ECC system: you can find this info in the security guide


    rfc1.png (36.3 kB)
    rfc2.png (85.5 kB)
    rfc3.png (59.2 kB)
    Add comment
    10|10000 characters needed characters exceeded