Show TOC

Debug Authorizations for bgRFCLocate this document in the navigation structure

Use

In this section you find information on the authorizations that a user needs to debug bgRFC units. In addition, you will find here an overview of the authorizations that the support user should not receive for security reasons.

The assigning of authorizations is required in the following areas:

  • Authorizations at the client side (NetWeaver)

  • Authorizations at the server side (NetWeaver)

  • Authorizations required for related application transactions

Authorizations at the Client Side

Note

The specified authorizations are valid for inbound and outbound scenarios.

Debug Authorizations

With the following authorization configuration the user can add and display, but not change, variables in the application scenario during the debug process. A change authorization required that the value ACTVT also be assigned. 02:

Authorization Object S_DEVELOP

Parameters

Value

OBJTYPE

DEBUG

ACTVT

01, 03

OBJNAME

<user name>

Authorizations for the bgRFC Monitor

With the following authorizations the user can display the inbound queue and display, execute, debug its units using the bgRFC monitor (transaction SBGRFCMON).

Authorization Object S_ BGRFC

Parameter

Value ( Inbound Sc enario )

Value ( Outbound Sc enario)

ACTVT

03, 16, 90, H2, H3

03, 16, 90, H2, H3

BGRFC_D_IN

<Inbound Destination>

BGRFC_D_OUT

<Outbound Destination>

BGRFC_TYPE

01, 02, 03

01, 02, 03

Authorization Object S_ TCODE

Parameters

Value ( Inbound and Outbound Scenario)

TCD

SBGRFCMON

Authorizations at the Server Side

Note

The specified authorizations are only required for the outbound scenario.

Debug Authorizations

Authorization Object S_DEVELOP

Parameters

Value ( Outbound Scenario)

OBJTYPE

DEBUG

ACTVT

01, 03

OBJNAME

<user name>

RFC Authorizations for the Target System

Authorization Object S_ RFC

Parameters

Value ( Outbound Scenario)

ACTVT

16

RFC_NAME

ARFC, BGRFC_EXTERN, ERFC, SYST

RFC_TYPE

FUGR

Authorizations for Logging On to a Trusted SAP System (Trusted Relationship)

Authorization Object S_ RFCACL

Parameters

Value ( Outbound Sc enario)

ACTVT

16

RFCCLIENT

<Client of the Target System>

RFC_EQUSER

Y

RFC_SYSID

<System ID of the Send System>

RFC_USER

<user name>

(Support User)

Security Authorizations

Caution

The authorizations listed here should not be granted to the support user for security reasons.

Authorizations for External Debugging

The support user should not have authorizations for external debugging in the system in which the unit was created:

Authorization Object S_DEVELOP

Parameters

Value ( Outbound Sc enario)

OBJTYPE

DEBUG

ACTVT

90

OBJNAME

<user name>

Transaction Authorizations

In addition to this, the support user should not have authorizations for the following transactions:

  • SE37, SE38, SE80 (program maintenance)

  • SM59 (maintenance of RFC destinations)

  • SMT1 and SMT2 (maintenance of trust relationships between SAP systems)

  • SU01 (user maintenance)

  • SE16 (table maintenance)