RFC runtime information is recorded in the following trace files:
RFC Traces dev_rfc<n>
Work Process Traces dev_w<n>
Gateway Traces dev_rd<n>
When communicating using RFC, security-relevant data from RFC function modules (such as password or credit card number) can be displayed in trace files.
Such RFC function modules are, for example, in user administration (BAPI_USER_CREATE1) or RFC destination maintenance (DEST_SET_PASSWORD), but also in many other areas.
You must handle access to these trace files as restrictively as possible.
For work process and gateway traces it is possible to restrict the display of critical data using the corresponding trace level setting.
You should use trace level 2 for these trace types to avoid displaying security-critical data.
For RFC traces you can set no trace level, this means that security-relevant data is always visible in the plain text. In this case you must only provide trace files for support purposes to completely trustworthy people.
Activate and Deactivate Traces
You activate RFC traces in transaction SM59. You can use the authorization object S_RFC_ADM to control access to this transaction. Transaction SM50 allows you to display traces. You control access to traces with the authorization object S_ADMI_FCD (parameter PADM).