General authorizations
The authorizations object S_RFC specifies whether a user can execute individual function modules directly or from a function group via RFC ”Remote Function Call”. The RFC authorizations for the following function groups are mandatory. If these are missing, it is not possible to log on to the SAP system via RFC.
Access to function modules
Authorization check for function groups (all SAP-Basis releases)
| Authorization object | RFC_TYPE | RFC_NAME | ACTVT |
|---|---|---|---|
| S_RFC | FUGR | RFC1 SDIFRUNTIME SG00 SYST SYSU STFC SUSR BAPT CADR SU_USER SUU1 SENT RFC_METADATA | 16 |
Alternatively, authorization check for individual function blocks (SAP-Basis release 710 and higher)
| Authorization object | RFC_TYPE | RFC_NAME | ACTVT |
|---|---|---|---|
| S_RFC | FUGR | RFC1 SDIFRUNTIME SG00 SYST SYSU SRFC RFC_METADATA | 16 |
| S_RFC | FUNC | STFC_CONNECTION AUTHORITY_CHECK BAPI_TRANSACTION_COMMIT BAPI_TRANSACTION_ROLLBACK RFC_GET_SAP_SYSTEM_PARAMETERS BAPI_USER_GETLIST BAPI_USER_GET_DETAIL SUSR_USER_PASSWORD_STATUS_GET ENQUEUE_READ RFC_METADATA_GET | 16 |