After a relaxing summer holiday, it’s time to fulfill the promise I made in my last post and provide the evaluation report for our log of RFC calls.
If you don’t know what I’m talking about, please read the first part of this article.
This report basically parses the RFC log and shows the function groups that would’ve been required to execute the called modules.
In addition, it finds out, whether the respective users currently have the required S_RFC authorization — therefore, it allows you to focus on those entries, where the authorization is missing.
- Create a new program in SE38 and copy-paste this source code.
- Set a program authorization group in the attributes section.
- Activate the program & execute it.
The selection screen should be rather self-explanatory:
There is only one noteworthy feature: the “Client” field is pre-filled with all clients, for which no RFC connection could be determined automatically. The report checks the logical systems for all local SAP clients and tries to reach them via the assigned RFC connection (that should normally work in a well-configured system :wink:). If this attempt fails, the respective client is excluded from the evaluation. Just log on to the excluded client(s) and run the report locally – this will always work!
The screenshot below shows an exemplary result. All lines with function groups, for which authorizations exist, are hidden per default; to unhide them, just remove the filter (marked in red below).
The icons in the “Auth. check” column have the following meaning:
» User has the required authorization — filtered out per default
» S_RFC authorization is missing — this is what we’re interested in
» User is locked
» User does not currently exist