Show TOC

RFC/ICF Security GuideLocate this document in the navigation structure

Use

SAP systems can communication with another SAP, or a non-SAP system, in two basic ways: With a Remote Function Call (RFC) you can call functions directly in a system (using an ABAP interface or RFC API). The Internet Communication Framework (ICF) enables you to use HTTP, HTTPS or SMTP to communicate with other systems from an SAP system.

This guide provides you with fundamental information and advice for the secure use of RFC and ICF when communicating between SAP systems and other SAP systems or external systems.

Target Audience

This guide is aimed at technical consultants and system administrators.

Important Notes

Read the following SAP Notes about RFC and ICF security topics:

  • 43417 Information published on SAP site (RFC Software Development Kit)

  • 618516 Information published on SAP site (Restricting Access to the RFC Server Program RFCEXEC or RFCEXEC.EXE).

    Note

    This Note is only relevant for the classic RFC API.

  • 128447 Information published on SAP site (Trusted Systems Network for RFC Communication)

  • 532918 Information published on SAP site (RFC Trace Generation)

  • 1148023 Information published on SAP site (Data Security for RFC Traces and Debugging)

  • 668252 Information published on SAP site (Authorizations for Remote Debugging in ICF)

  • 110612 Information published on SAP site (Configuration of SAP Gateway)

  • 64016 Information published on SAP site (Gateway Monitoring)

More Information

For more detailed information, see the following topics:

Note

This section of the documentation refers to scenarios for the ABAP environment. For information about the security requirements of SAP J2EE systems, see the following: