Quantcast
Channel: SCN: Message List - Security
Viewing all articles
Browse latest Browse all 5338

Re: S_RFCACL - RFC_SYSID values transport or maintain directly in each system?

$
0
0

This is correct.

 

You can use a fixed SYSTEM user for the connection as long as there are no dialogs involved. In some earlier system releases the screen calls were programmed into the search help RFC functions instead of returning the results to a calling screen. D'oh..

 

In that case the SYSTEM user is fixed into the connection and can call FM AUTHORITY_CHECK with the FOR_USER parameter as the DIALOG user. The SYSTEM user will determine the DIALOG user's application authorizations without them having to be logged onto the remote system nor have the Trusted RFC authorizations not QRFC to setup the Trusted connections from anywhere else.

 

Much like field FILE of S_DATASET without using logical file names, the RFC_SYSID is actually just an irritation and it is more reliable and pragmatic to use other fields and S_RFC and the existence of the connection, than break your roles because of a field which is very difficult to control anyway and needs to be maintained in production (and also VERY and RELIABLY fast if you ever transport the role again because of some other change..).

 

My advice: put a * in the field and concentrate on other more important things with higher risk and impact and probability, until your concept is secure enough that you can take on this field.

 

Cheers,

Julius


Viewing all articles
Browse latest Browse all 5338

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>