We have few RFC users between BW, APO and E-Rec systems to exchange data or data extraction. We have created them as a "system" user and assigned the SAP_ALL. I would like to know whether is it ok to assign SAP_ALL to system users or we need to drill down to limited authorizations.
If we need to remove SAP_ALL, than how to find the authorization required by these RFC SAP ids. Do we need to activate the trace individually for them or providing S_RFC and S_RFCACL with full access will be enough.
Thanks in advance/