The administration of RFC users in SAP systems is performed using the general SAP user administration functions (transaction SU01).
In principle, RFC users can have any user type (system user, dialog user, individual user, composite user).
For security reasons, use only system users for RFC communications, if possible, to avoid accessing dialog processes. However, depending on the application, you may need to set up dialog type RFC users.
Users can be authenticated in various ways:
· Check user and password
· Check with the Trusted System procedure
· Check with SSO (Single Sign-On)
· Check with a certificate (X.509)
To guarantee the security of your RFC connections, include the following points in your user administration setup:
A user can use transaction SM59 and Remote Logon to log on to a remote RFC destination (if the user is a dialog user in the target system).
The required authorization objects are S_ADMI_FCD with the value NADM and S_TCODE with the value SM59.
Under Logon/Security in transaction SM59, specify the security options for each RFC destination. To define the authorization of a user for accessing a specific destination, you can enter a check value in the Authorization for Destination field. Also read the F1 help for this field.
If a user’s RFC connection request is authenticated with the standard password mechanism, then the user must log on to the remote target system with a valid user ID and password. This information must either be stored in the RFC destination (for system users), or the user ID and password is queried when the connection is created (runtime query).
For this reason, note the following points