Dear Security Experts,
Could someone re-iterate that the RFC user type = service user (that has dialog privileges enables irrespective of the original user privileges) should have SAP_ALL in the authorization profile. Is this a good practice? If not could someone share some tried and tested roles for RFC service user (that is not SAP_ALL). The context being RFC connection between ECC and APO box with the service user being in APO that returns a screen to aN FM call from ECC.
Thanks for looking into this
Regards,
Loknath
SAP APO consultant