Purpose
The purpose of this wiki is to explain why in some cases "Connection Test" in SM59 will have different results.
Overview
This wiki details the different values of parameter auth/rfc_authority_check and what they mean.
Logon Screen
In some cases, if you choose and R/3 destination in SM59 and make a "connection test" a logon screen will be shown as follows:
For other R/3 destinations the Connection test will be successful as normal and show the following sceen:
If the logon screen occurs, check the value of parameter auth/rfc_authority_check on the SERVER side.
Parameter Values
Depending on the value of parameter auth/rfc_authority_check an RFC authorization check against authorization object S_RFC may be performed.
If the parameter is set to 0 No authorisation check is performed.
If the parameter is set to 1 the authorisation check is active (no check for same user - no check for same user context and SRFC-FUGR)
As value of 2 means that the authorisation check is active with no check for SRFC-FUGR.
A value of 9 means that the authorisation check is active, SRFC-FUGR is also checked
Example
So as per the example above, when the "Connection test" is done in SM59 and the Logon prompt is shown, this can happen if parameter auth/rfc_authority_check is set to 9 on the server side.
In this case, the observed behavior is correct and with the parameter value 9 the so called system function modules, e.g. RFC_PING which is used in SM59 for connection test, will be handled
as a regular function module. Therefore any failed RFC logon attempt within a SAPGUI session will lead to RFC logon screen. If this happens, check that the logon details used in the RFC
destination in SM59 are correct.
Related Content
Related Documents
Related Notes
93254 RFC short dump RFC_NO_AUTHORITY
523300 auth/rfc_autority_check profile parameter is not checked
931252 Security Note: Authority Check for Function Group SRFC