SAP® RFC Authorization
Optimizing the authorization structures of SAP® RFC interfaces is an often neglected topic
When it comes to safeguarding SAP® systems, most clients focus on dialog users' authorizations. All technical users (RFC and batch) are equipped with far-reaching rights, because no exact rules exist for assigning rights correctly. Only in the rarest of cases does a current interface list exist, let alone one that takes the need for protection into account. Trust relationships between systems (SAP® SSO and Trusted RFC) are also rarely documented, and remote database connections likewise lead to unchecked security loopholes.
In this regard, the SAP® standard offers no comprehensive, central evaluation of all interfaces.
Missing SAP® RFC authorization analysis enables malpractice
The consequences are obvious. There are many SAP® RFC users with SAP_ALL or S_RFC full authorization or comprehensive system rights (S_USER_GRP, S_ADMI_FCD). A lack of documentation and insecure storage of passwords create a high potential for malpractice. Our SAP® RFC Authorization Optimization consultants can help you secure all your SAP® RFC interfaces, avoid the risk of malpractice and protect your whole SAP® landscape.
SAP® RFC authorization consulting package
To safeguard and optimize RFC interfaces, we offer our akquinet consultancy package.
- Initial workshop to ascertain the SAP® system landscape, including interface documentation
- Installation of SAST AddOn packages
- Creation of new user accounts for technical users based on the client's naming conventions
- Activation of SAP® RFC authorization traces for technical user accounts
- Creation of SAP® authorization roles based on trace data
- Testing of the new roles
- Switching the SAP® users over to the new roles
- Remote support for 3 months after user change
- Optional: optimization of Trusts and of DB and HTTP links in your SAP® system
Advantages of a holistic SAP® RFC authorization optimization
- Automatic analysis and adaptation of SAP® RFC authorizations
- Elimination of unwanted SAP® RFC connections
- Simple, smooth switchover to reduced SAP® authorizations
- Follow-up documentation of all SAP® RFC and system interfaces
- Proven and cost-effective procedural model