RFC Trusted/Trusting Systems

You can use transaction SMT1 to define a calling system in the system being called as a trusted system. The system being called is then referred to as a trusting system.

Trusted SAP systems can log on to another SAP system without the need for a password. The existence of trust relations such as this between SAP systems has the following advantages:

·        "Single Sign-On" across system boundaries

·        No password transfer across the net

·        Timeout mechanism for the logon data prevents misuse.

·        User-specific logon data for the trusted system is checked.

You can configure multiple SAP systems as mutual trusted systems. When building a trust relationship between two systems, the initiative starts with the called system (server system). Here, users of the calling system who are allowed to make RFC calls by way of a trust relationship of this kind, must be identified in the system being called (trusted users).

Before a trusted system can be defined, a destination for this system must be created in the trusting system. In addition, the RFC users must have the corresponding authorizations in the trusting system (authorization object S_RFCACL). You can check the authorizations for the logged on users in the trusting system in advance, by using the function module AUTHORITY_CHECK_TRUSTED_SYSTEM.

In a trust relationship, the calling system (client system) plays the role of the trusted system, and the called system (server system) plays the role of the trusting system.

RFC Restrictions