Thanks for the reply.
But again I have the same concern, I think even if I maintain the * access in the fields of S_RFCACL Authorization Object, the user will not be able to login to any of the system remotely.
1) Trusted relationship has to be set-up between those systems then only the logon is possible.
2) Secondly if after the trusted relationship is set-up, the user would be able to login to the target system(called system) but will be able to execute the transaction to which he is authorize to in that system, irrespective of his authorizations in the calling system.
Therefore I don't see a risk, please let me know if there is any critical risk through this Authorization Object.