Controlling Access to RFC Destinations


You can use the authorization object S_ICF to restrict user access rights to RFC destinations. When you assign this authorization object to a particular user, you can control access by client. This means that the user can access only those clients in the RFC destination to which he or she is assigned.

This improves the security of your RFC connections.

Since a transaction or a user usually needs to access multiple RFC destinations, the authorizations are not assigned by selecting these destinations in the appropriate field of the authorization object. Instead, a check value is used, which is stored in both the authorization object and in the required RFC destinations.



1. Decide which RFC destinations a user or user group needs to access.

2. In the authorization object S_ICF, set the ICF_FIELD field to the value DEST.

3. Enter a literal of your choice in the ICF_VALUE field (CHECK, for example).

4. Call transaction SM59. For each required RFC destination, enter the same value (in this case, CHECK) in the Authorization for Destination field (field name AUTHORITY), under Logon/Security.
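The following audit sketch models the check-value matching set up by the procedure above. It is an added example, not SAP code: the destination names, user names and data are constructed, the function names are hypothetical, and the handling of a trailing * in ICF_VALUE as a pattern is an assumption of this model.

```python
# Constructed sample data: RFC destination -> value of the "Authorization for
# Destination" field (AUTHORITY) as it would be maintained in SM59.
DESTINATIONS = {
    "ERP_PROD_RFC": "CHECK",
    "HR_PAYROLL_RFC": "HRCHECK",
    "LEGACY_BATCH_RFC": "",  # no check value maintained
}

# Constructed sample data: user -> S_ICF authorizations as (ICF_FIELD, ICF_VALUE).
USER_AUTHS = {
    "BATCH_USER": [("DEST", "CHECK")],
    "HR_ADMIN": [("DEST", "HRCHECK"), ("SERVICE", "CHECK")],
    "BASIS_ALL": [("DEST", "*")],
}

def value_matches(granted, required):
    """Exact match, or prefix match when the granted value ends in '*' (assumed)."""
    if granted.endswith("*"):
        return required.startswith(granted[:-1])
    return granted == required

def dest_values(user):
    """ICF_VALUE entries that count for destinations: only ICF_FIELD = DEST."""
    return [val for field, val in USER_AUTHS.get(user, []) if field == "DEST"]

def allowed_destinations(user):
    """Destinations carrying a check value that the user's S_ICF values cover."""
    return sorted(
        dest for dest, check in DESTINATIONS.items()
        if check and any(value_matches(v, check) for v in dest_values(user))
    )

def unprotected_destinations():
    """Destinations with no check value, so step 4 was never applied to them."""
    return sorted(dest for dest, check in DESTINATIONS.items() if not check)

def wildcard_grants():
    """Users whose DEST authorization is a pattern rather than one check value."""
    return sorted(u for u in USER_AUTHS
                  if any(v.endswith("*") for v in dest_values(u)))

if __name__ == "__main__":
    for user in sorted(USER_AUTHS):
        print(user, "->", allowed_destinations(user))
    print("no check value:", unprotected_destinations())
    print("wildcard DEST grants:", wildcard_grants())
```

Destinations reported without a check value and users with wildcard DEST grants are the two findings to review first, since neither is constrained by a specific check value.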