Show TOC

Background documentationDebug Authorizations for bgRFC Locate this document in the navigation structure

 

In this section you find information on the authorizations that a user needs to debug bgRFC units. In addition, you will find here an overview of the authorizations that the support user should not receive for security reasons.

The assigning of authorizations is required in the following areas:

  • Authorizations at the client side (NetWeaver)

  • Authorizations at the server side (NetWeaver)

  • Authorizations required for related application transactions

Authorizations at the Client Side

Note Note

The specified authorizations are valid for inbound and outbound scenarios.

End of the note.
Debug Authorizations

With the following authorization configuration the user can add and display, but not change, variables in the application scenario during the debug process. A change authorization required that the value ACTVT also be assigned. 02:

Authorization Object S_DEVELOP

Parameters

Value

OBJTYPE

DEBUG

ACTVT

01, 03

OBJNAME

<user name>
Authorizations for the bgRFC Monitor

With the following authorizations the user can display the inbound queue and display, execute, debug its units using the bgRFC monitor (transaction SBGRFCMON).

Authorization Object S_BGRFC

Parameter

Value (Inbound Scenario)

Value (Outbound Scenario)

ACTVT

03, 16, 90, H2, H3

03, 16, 90, H2, H3

BGRFC_D_IN

<Inbound Destination>

BGRFC_D_OUT

<Outbound Destination>

BGRFC_TYPE

01, 02, 03

01, 02, 03

Authorization Object S_TCODE

Parameters

Value (Inbound and Outbound Scenario)

TCD

SBGRFCMON
Authorizations at the Server Side

Note Note

The specified authorizations are only required for the outbound scenario.

End of the note.
Debug Authorizations

Authorization Object S_DEVELOP

Parameters

Value (Outbound Scenario)

OBJTYPE

DEBUG

ACTVT

01, 03

OBJNAME

<user name>
RFC Authorizations for the Target System

Authorization Object S_RFC

Parameters

Value (Outbound Scenario)

ACTVT

16

RFC_NAME

ARFC, BGRFC_EXTERN, ERFC, SYST

RFC_TYPE

FUGR
Authorizations for Logging On to a Trusted SAP System (Trusted Relationship)

Authorization Object S_RFCACL

Parameters

Value (Outbound Scenario)

ACTVT

16

RFCCLIENT

<Client of the Target System>

RFC_EQUSER

Y

RFC_SYSID

<System ID of the Send System>

RFC_USER

<user name>

(Support User)
Security Authorizations

Caution Caution

The authorizations listed here should not be granted to the support user for security reasons.

End of the caution.
Authorizations for External Debugging

The support user should not have authorizations for external debugging in the system in which the unit was created:

Authorization Object S_DEVELOP

Parameters

Value (Outbound Scenario)

OBJTYPE

DEBUG

ACTVT

90

OBJNAME

<user name>
Transaction Authorizations

In addition to this, the support user should not have authorizations for the following transactions:

  • SE37, SE38, SE80 (program maintenance)

  • SM59 (maintenance of RFC destinations)

  • SMT1 and SMT2 (maintenance of trust relationships between SAP systems)

  • SU01 (user maintenance)

  • SE16 (table maintenance)