Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S_RFC field values

Former Member

‎03-01-2010 2:16 PM

0 Kudos

Hi All,

How to check the auhtorization object S_RFC field values to one rfc user?

I want to check the ACTVT, RFC_NAME, RFC_ TYPE field values.

version : 4.6C

Thanks in advance

3 REPLIES 3

Former Member

‎03-01-2010 2:38 PM

0 Kudos

If the users are with role based authorizations, go to the table AGR_USERS give the user name and in the filed the end date enter > or = the current date, you will get a list of roles. Now go to AGR_1251 and give the list of roles you got from step 1 and in the object give S_RFC, you will get a list of roles that have this object and the values

For profile based users, you can check in one of the nodes in SUIM - give it a try

Former Member

‎03-07-2010 12:42 AM

0 Kudos

Hi:

If you are looking to see what S_RFC authorizations a particular user has, you could try going to SU56 to check what S_RFC authorizations are loaded into a specific user's user buffer.

Former Member

‎03-07-2010 2:29 PM

0 Kudos

On 46C the RFC_NAME can only take the value of the function group name to which the function module to be called belongs.

You can enter names up to 40 characters in the authorization field (SU03, PFCG) however it is truncated at the 16th character of the function group name at runtime.

So what you are actually looking for is:

1) Download the RFC_NAME field values from AGR_1251 to Excel.

2) Use =left(cellnumber; 15) to copy the first 15 characters of the function group name, as the 16th is the wildcard.

3) Select entries from table TFDIR where PNAME = SAPL(4) followed by the 15 characters from AGR_1251, and, where FMODE = 'R' (remote enabled).

4) The values in FUNCNAME are the ones which the user ID is authorized to start

Note that depending on other authorizations and whether the function module checks them without the user being able to remotely turn them off in the call, a different picture with much higher effort involved to secure will develop.

Concentrate on the RFC_NAME and eliminate all TCD entries. It is the easiest and biggest security gain for RFC users.

Cheers,

Julius