RFC User Authorizations

The RFC user should have the required authorizations as described below.

Production RFC User

• RFC_TYPE (type of RFC object to be protected) – ‘FUGR’

• RFC_NAME (name of RFC to be protected) – ‘SDTX’, ‘STUW’, ‘SYST’, 'BDCH', ‘SRTT’, ‘SRFC’, ‘THFB’,’SIFP’, ‘SCSM_COLLECTOR’, ‘SCSM_GLOB_SYSTEM’, ‘SXMB_MONI’, ‘IPC_V01’, 'S1EM', ‘SUSE', ’RFC_READ_TABLE’

• ACTVT (Activity) – ‘16’

• DICBERCLS (Authorization Group) =
  For all Panaya Projects - ’PC’, ’SS’, ’SC’, ‘SA’,’&NC&’, ‘SPWD’ , ‘XICO’, ‘XIPE’, 'VC', 'MA'

• ACTVT (Activity) = ‘3’

 Object S_TABU_NAM (Table Maintenance)

• ACTVT (Activity) - '03' 

• Table AGR_USERS

• ACTVT (Activity) = ‘3’ 

• DEVCLASS (Development class for Transport) =’*’ 

• OBJNAME (Object name) = ‘*’ 

• OBJTYPE (Object type) =’*’ 

• P_GROUP (Authorization group ABAP/4 program) = ‘*’

• ACTVT (Activity) - '03'

• SXMBIFNAME (Proxy Generation: Interface ID) - '*'

• SXMBIFNS (Proxy Generation: Namespace in the Integration Builder) - '*'

• SXMBPARTY (XI: Communication Party) - '*'

• SXMBPRTAG (XI: Issuing Agency for Communication Party) - '*'

• SXMBPRTTYP (XI: Identification Scheme for Communication Party) - '*'

• SXMBSERV (XI: Service) - '*'

For a system with HR components - Object S_TABU_CLI (Cross-Client Table Maintenance): 

• CLIIDMAINT (Cross-Client Table Maintenance ) – ‘X’ 

For extractions that require Fiori data - Object 'S_TABU_NAM'

• ACTVT (Activity) - '03'

• Table /IWFND/L_METAGR

• Table /IWFND/L_MET_DAT

Solution Manager RFC User

• RFC_TYPE (type of RFC object to be protected) – ‘FUGR’

• RFC_NAME (name of RFC to be protected) – ‘SDTX’, ‘SMSY_GET_DATA’, ‘SMSY_GET_DATA_RFC’, ‘SMSY_PPMS_API_RFC’,’RSDRI’, ‘SYST’, ‘SASAP00’, ‘RFC1’

• ACTVT (Activity) – ‘16’

• DICBERCLS (Authorization Group) = ’SS’,’&NC&’

• ACTVT (Activity) = ‘3’

• ACTVT (Activity) = ‘3’

• BIAUTH (BI Analysis Authorizations: Name of an Authorization) = ‘0BI_ALL’

Object S_TABU_NAM (Table Access with Generic Standard Tools):

• ACTVT (Activity) = ‘3’

• TABLE (Table Name) = TFDIR, USR01

BW RFC User

• RFC_TYPE (type of RFC object to be protected) – ‘FUGR’

• RFC_NAME (name of RFC to be protected) – ‘SCT2’,‘SDTX’ 

• ACTVT (Activity) – ‘16’

• DICBERCLS (Authorization Group) = ‘SC’,’SS’,’&NC&’

If you encounter authorization issues related to BW during the extraction, try adding the following to the authorization group: ‘BWC’, ‘STRW’

• ACTVT (Activity) = ‘3’

• ACTVT (Activity) = ‘3’

Fiori RFC user

The following RFC user is only required if extracting Fiori from external systems -

For Services -

Object S_RFC (Authorization Check for RFC Access):

• RFC_TYPE (type of RFC object to be protected) – ‘FUGR’

• RFC_NAME (name of RFC to be protected) – ‘SDTX’

• ACTVT (Activity) – ‘16’

Object S_TABU_NAM (Table Maintenance)

• ACTVT (Activity) - '03'

• Table '/IWFND/I_MED_SRH', '/IWFND/I_MED_SRT', '/IWBEP/I_MGW_SRH', '/IWBEP/I_SBD_SV', '/IWBEP/I_SBD_GA', '/IWBEP/I_SBD_DS', 'TADIR'.

For usage -

Object S_RFC (Authorization Check for RFC Access):

• RFC_TYPE (type of RFC object to be protected) – ‘FUGR’

• RFC_NAME (name of RFC to be protected) – ‘SDTX’

• ACTVT (Activity) – ‘16’

Object S_TABU_NAM (Table Maintenance)

• ACTVT (Activity) - '03'

• Table '/IWFND/L_METAGR', '/IWFND/L_MET_COL', '/IWFND/L_MET_DAT'.

SI RFC user   

The following SI/ATC users are only required for S/4HANA Solutions -

ATC RFC user

The RFC user should have the required authorizations as described below -

Object S_RFC (Authorization Check for RFC Access):

• RFC_TYPE (type of RFC object to be protected) – ‘FUGR’

• RFC_NAME (name of RFC to be protected) – ‘SATC_CI_METADATA_REMOTE’, ‘SATC_CI_RESULT_REMOTE’, 'SDTX'.  

• ACTVT (Activity) – ‘16’

Object S_Q_ADM (Launching code analysis, accessing results):

• ACTVT (Activity) – ‘03’

• ATC_OBJTYP (ATC: ATC-object with access control needs) – ‘02’, '03'

• ATC_VISIBL (ATC: Result visibility) – All Values

• DEVCLASS (Package) - *

• APPL_COMP (Application component ID) - *

Object S_TABU_NAM (Table Maintenance):

• ACTVT (Activity) – ‘03’

• TABLE (Table Name) = SATC_AC_RESULTH, SCA_DS_SRC 

ATC User for Checked System

In the checked system, the RFC user needs the following authorizations:

Object S_RFC A

• ACTVT (Activity) – ‘16’ (Execute)

• RFC_TYPE - ‘FUGR’

• RFC_NAME -

  • SCA_REMOTE_DATA_ACCESS

  • SABP_COMP_PROCS_E

  • SYCM_APS_REMOTE

  • SYST

  • S_CODE_INSPECTOR_TESTS

Object S_RFC

• ACTVT (Activity) – ‘16’ (Execute)

• RFC_TYPE  - ‘FUNC’

• RFC_NAME -

  • FUNCTION_EXISTS

  • REPOSITORY_ENVIRONMENT_ALL

  • RFC_GET_NAMETAB

  • SVRS_GET_VERSION_DIRECTORY_46

  • RFCPING

  • SLINRMT_RUN

  • TRINT_PROGRESS_INDICATOR

  • TRINT_TP_UPDATE_TPSTAT

  • SLDAG_GET_SYSTEM_NAME

Object S_DEVELOP

• ACTVT – ‘3’ (Display)

• DEVCLASS - *

• OBJNAME - *

• OBJTYPE - *

• P_GROUP - *

Object S_SYS_RWBO

• ACTVT - ‘01’ (Create or generate), ‘02’ (Change), ‘03’ (Display)

• DOMAIN - *

• TTYPE - TRAN

Object S_TRANSPRT

• ACTVT - ‘01’ (Create or generate), ‘02’ (Change), ‘03’ (Display)

• TTYPE - TRAN

Object S_DATASET

• ACTVT - ‘34’ (Write)

• FILENAME - *

• PROGRAM - SAPLSABC, SAPLSTRF