Hi Chris
For issue 2 - not sure on workings of EHP7 but the S_DEVELOP, etc would have been brought in due to the SE93 definition RBDAPP01 of using transaction SE38
PFCG would look at the values for both RBDAPP01 and SE38 (see PFCG overview screen shot below)
What is the definition in EHP7 for transaction RBDAPP01?
Regards
Colleen
Ps - Issue 1 with S_RFC - I heard back on release 731 via a friend with access to SAP Security developer that they did something with S_RFC to force maintenance via SU24 for defaulting the values. I suspect one of the more knowledgeable regular SCN security guys will have information on this. The quote I got ws "If you have this object in usobt_c with either an empty or full authorisation value defined it will AUTOMATICALLY remove it from the role when you generate the profile... They did it to close security breach from jumping system". Possilby there is a SAP note in Marketplace mentioning this.
PPS - think this is the note regarding S_RFC implication if partially maintained in SU24 1749485 - PFCG: Problems when updating start authorizations
Message was edited by: Colleen Lee Added S_RFC comment