Password deposit in RFC connections
Password deposit for RFC connections
RFC [Remote function call] connections allow the execution of function calls
[programs – ABAP and non-ABAP] from external systems / clients.
These connections are maintained via transaction SM59.
This transaction cannot be restricted to „Read/Display only”.
Access to this transaction should only be granted to the Basis Administration team.
The RFC connections are stored in the table RFCDES [via transaction SE16N].
An evaluation of existing RFCs can be performed with the help of the report
RSRSDEST or RSRFCCHK [via SE38].
To understand the entries a little better when reviewing the table:
H = represents the server
S = represents the instance number
M = represents the client number
U = represents the user name
V = represents the password
A critical aspect in using RFCs is the deposit of dialog user IDs with their respective
passwords. These connections would allow the usage of the corresponding
RFC with the authorizations of the user that is maintained in this particular RFC.
As a rule: Dialog users with their passwords should never be set up in RFC
connections.
To check if dialog users and their passwords are maintained in RFC connections
the transaction SE16N is to be called with table RFCDES.
In the field RFCOPTIONS the selection *v=* or *V=* is to be entered.
After that the corresponding user IDs are to be extracted and reviewed in SU01D
to validate the user type [only Communication or System].
The report RSRFCCHK can be provided by the Basis team for evaluation as well.
Entries with ******** [8 stars] in the column Password actually indicate
that a password is maintained for that particular RFC.
To check who has the authorization to maintain RFCs the report RSUSR002
can be used.
