Skip to Content

No RFC authorization for function group SYST. Which Authorization object ??

Hi,

In a RFC Connection, i get this error when i perform the Authorization Test - No RFC authorization for function group SYST.

I asked an experienced colleague and he said to add a particular Role which contains the authorization object "S_RFCACL" . The problem was resolved by his tip.

Now i have 2 questions -

1. How to find the correct authorization object for a particular function group?

2. How to find the authorization objects present in some Role? Please describe step by step.

Many thanks,

Mohan.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Dec 16, 2010 at 02:17 PM

    What you can do, is create a new profile in PFCG and add object S_RFCACL to it. This can be assigned to the RFC user.

    You can also use role SAP_S_RFCACL

    Kind regards,

    Mark

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 16, 2010 at 09:51 PM

    Your colleague's tip only made the symptom go away...

    The "authorization test" calls a function module in S_RFC auth object function group SYST. This is needed to start the session_manager (blank screen with push button for "SAP Easy Access Menu".

    When you assign S_RFCACL auth object for trusted RFC, the successfull check result will suppress the subsequent authorization check on S_RFC (at least, that is what it does by default).

    It is like giving S_BTCH_ADM authorization so that S_BTCH_JOB does not matter anymore.

    An RFC connection however does not necessarily need nor should have access to the session_manager necessarily. In the case of trusted RFC this is particularly true, as only the connection test makes sense in SM59... the authorization test is in the RFC capable application itself.

    Unfortunately for you, you have to read the documentation on this and test it a bit - there is no medication agaist making mistakes in this area of SAP security... 😊

    Cheers,

    Julius

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.