Skip to Content
avatar image
Former Member

Authorizations to be granted to System user for GRC 10.1 for RFC in ECC???

Hello All ,

Please suggest the Authorizations which are to be granted to the User ID to be mentioned in RFC in GRC 10.1 system for provisioning in ECC system ..?

Is assigning SAP_ALL and SAP_NEW profiles to the RFC User ID harmful ??

Please suggest.


Rahul Muni

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Jul 22, 2015 at 07:04 AM

    Dear Rahul,

    RFC user requires several authorization. I recommend to trace the required authorization and build your own role. Giving SAP_ALL/SAP_NEW is never recommended and should be avoided.

    Plesae use transaction STAUTHTRACE and run a trace for the RFC user. End of the day you will have all the objects required.



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Rahul,

      If you have access to the SAP Support portal (via an S-ID) you can download the "SAP GRC Security guide" (link below). It contains a foundation list of what authorizations are required to be assigned to the RFC user as a minimum.

      (section 4.3.1 RFC Authorization Objects for Access Control - is the part of the document you may wish to reference)

      The reason I say "Foundation" is because you will find that additional authorizations may be required if CUA is being used with GRC or even to retrieve the right user info back etc. This is where authorizatoin traces will be useful to fine tune the RFC user auths.

  • Jul 22, 2015 at 07:25 AM

    Hello Rahul,

    check the below link and change the objects as per your requirement

    SAP_ALL replace role for user WF-BATCH -ARM,GRC10

    Hope this will give some inputs



    Add comment
    10|10000 characters needed characters exceeded