In this section you find information on the authorizations that a user needs to debug bgRFC units. In addition, you will find here an overview of the authorizations that the support user should not receive for security reasons.
The assigning of authorizations is required in the following areas:
Authorizations at the client side (NetWeaver)
Authorizations at the server side (NetWeaver)
Authorizations required for related application transactions
Authorizations at the Client Side
The specified authorizations are valid for inbound and outbound scenarios.
Debug Authorizations
With the following authorization configuration the user can add and display, but not change, variables in the application scenario during the debug process. A change authorization required that the value ACTVT also be assigned. 02:
Authorization Object S_DEVELOP
Parameters |
Value |
OBJTYPE |
DEBUG |
ACTVT |
01, 03 |
OBJNAME |
<user name> |
Authorizations for the bgRFC Monitor
With the following authorizations the user can display the inbound queue and display, execute, debug its units using the bgRFC monitor (transaction SBGRFCMON).
Authorization Object S_ BGRFC
Parameter |
Value ( Inbound Sc enario ) |
Value ( Outbound Sc enario) |
ACTVT |
03, 16, 90, H2, H3 |
03, 16, 90, H2, H3 |
BGRFC_D_IN |
<Inbound Destination> |
|
BGRFC_D_OUT |
<Outbound Destination> |
|
BGRFC_TYPE |
01, 02, 03 |
01, 02, 03 |
Authorization Object S_ TCODE
Parameters |
Value ( Inbound and Outbound Scenario) |
TCD |
SBGRFCMON |
Authorizations at the Server Side
The specified authorizations are only required for the outbound scenario.
Debug Authorizations
Authorization Object S_DEVELOP
Parameters |
Value ( Outbound Scenario) |
OBJTYPE |
DEBUG |
ACTVT |
01, 03 |
OBJNAME |
<user name> |
RFC Authorizations for the Target System
Authorization Object S_ RFC
Parameters |
Value ( Outbound Scenario) |
ACTVT |
16 |
RFC_NAME |
ARFC, BGRFC_EXTERN, ERFC, SYST |
RFC_TYPE |
FUGR |
Authorizations for Logging On to a Trusted SAP System (Trusted Relationship)
Authorization Object S_ RFCACL
Parameters |
Value ( Outbound Sc enario) |
ACTVT |
16 |
RFCCLIENT |
<Client of the Target System> |
RFC_EQUSER |
Y |
RFC_SYSID |
<System ID of the Send System> |
RFC_USER |
<user name> (Support User) |
Security Authorizations
The authorizations listed here should not be granted to the support user for security reasons.
Authorizations for External Debugging
The support user should not have authorizations for external debugging in the system in which the unit was created:
Authorization Object S_DEVELOP
Parameters |
Value ( Outbound Sc enario) |
OBJTYPE |
DEBUG |
ACTVT |
90 |
OBJNAME |
<user name> |
Transaction Authorizations
In addition to this, the support user should not have authorizations for the following transactions:
SE37, SE38, SE80 (program maintenance)
SM59 (maintenance of RFC destinations)
SMT1 and SMT2 (maintenance of trust relationships between SAP systems)
SU01 (user maintenance)
SE16 (table maintenance)