Role Builder Scenario Process
Analyzes the required RFC authorizations and creates the appropriate user roles with the authorization object S_RFC.
Process
-
Firstly all function modules are selected on the basis of specific criteria (for example, destination used, client to be run, users to be run on the server side).
-
In the next step you can assign function modules with the same authorization requirements to different Communication Assemblies (CAs) that you have created for this purpose.
-
The assignment to a CA takes place on the basis of the attributes selected above.
-
You can then create an ABAP user role that contains the corresponding authorization object S_RFC for each CA using transaction PFCG.
Example
You have created a MyDEST destination and have defined a user for external RFC communication in this destination.
After activating the UCON loggings you can analyze the collected data by selecting all of the function modules that were called using the MyDest destination and assign them to a corresponding CA.
Using transaction PFCG you then create a user role with authorization object S_RFC where the authorization is only granted for the list of selected function modules.
If you then assign this role to the user defined in the destination, an external client can only call those function modules that are defined in the list.