Start of Content Area

Background documentation    Security Measures – Overview (RFC)  Locate the document in its SAP Library structure

To guarantee the security of your RFC connections, include the following points in your setup and take the appropriate measures:

General Measures

      Restricting Maintenance Authorizations for RFC Destinations (Transaction SM59)

      Storing User Information for System Users Only (Not for Dialog Users)

      Restrict access to table RFCDES (information on RFC destinations)

      Use authorization checks in (application) function modules if you want to call these modules using RFC.

      Use Secure Network Communications.

      Deactivate Remote Monitoring of SAP Gateways

      Granting Authorizations for RFC Traces and Debugging Restrictively

      Using a Low Trace Level

Special Measures for External RFC Servers

      Prevent Misuse of RFC Software Development Kit

      Allow RFC Connections from Known and Selected Systems Only

      Restrict the use of external RFC server programs

      Restrict Access to RFC Server Program RFCEXEC or RFCEXEC.EXE 

Note

For a more detailed description of these measures, see the appropriate scenario.

More Information

      RFC Communication Between SAP Systems

      RFC Communication Between SAP Systems and External (Non-SAP) Systems

Note

Also read the following security information about the SAP Gateway:

Security Settings in SAP Gateway

Note

You can use the Security Audit Log to monitor RFC calls:

Security Audit Log

 

 

 

End of Content Area