Unified Connectivity: Concept

The current version of the Unified Connectivity Framework increases the security of RFC communication by reducing the number of RFC functions that are visible externally and in this way greatly reduces the interface for external attacks:

• RFMs are only used to a small extent in the ABAP server for communication with other systems or clients. RFMs are mainly called to realize asynchronous scenarios or load balancing/parallelization.

  These RFMs must also not be visible to the outside. This is also true for those RFMs that can be reached from the outside that are not necessary for the scenarios in the actual system and can therefore not be used.

• Until now, external access to the function modules using RFC was restricted/controlled exclusively by special authorization checks and the corresponding roles with purpose-specific assignments to users.

  Unified Connectivity also provides more simple and more comprehensive control about which RFMs can be called by other systems: An RFM can only be called externally if it is assigned to a Communication Assembly (CA) that in turn is configured to be linked to a virtual host.

  External access is blocked for all other RFMs that are not assigned to a CA. In this way it is possible to control and restrict external access to RFMs independently from the user context.

  Note

  Authorization checkes are still required for checks in the user context.

In addition to this you can use the Role Builder scenario to analyze the necessary RFC authorizations for your system in detail and create tailor-made user roles by assigning RFC functions to appropriate CAs. The Role Builder makes it possible to grant authorization on a restricted basis and therefore also increases the security of your RFC communication.