Skip to end of metadata
Go to start of metadata

Purpose

The purpose of this wiki is to explain why in some cases "Connection Test" in SM59 will have different results.

Overview

This wiki details the different values of parameter auth/rfc_authority_check and what they mean. 

Logon Screen

In some cases, if you choose and R/3 destination in SM59 and make a "connection test" a logon screen will be shown as follows:




 For other R/3 destinations the Connection test will be successful as normal and show the following sceen: 




 

 If the logon screen occurs, check the value of parameter auth/rfc_authority_check on the SERVER side.

Parameter Values

Depending on the value of parameter  auth/rfc_authority_check an RFC authorization check against authorization object S_RFC may be performed.

If the parameter is set to 0 No authorisation check is performed.
If the parameter is set to 1 the authorisation check is active (no check for same user - no check for same user context and SRFC-FUGR)

As value of 2 means that the authorisation check is active with no check for SRFC-FUGR.

A value of 9 means that the authorisation check is active, SRFC-FUGR  is also checked 

Example

So as per the example above, when the "Connection test" is done in SM59 and the Logon prompt is shown,  this can happen if parameter auth/rfc_authority_check is set to 9 on the server side.

In this case, the observed behavior is correct and with the parameter value 9 the so called system function modules, e.g. RFC_PING which is used in SM59 for connection test, will be handled

as a regular function module. Therefore any failed RFC logon attempt within  a SAPGUI session will lead to RFC logon screen. If this happens, check that the logon details used in the RFC

destination in SM59 are correct.

Related Content

Related Documents 

Related Notes

93254       RFC short dump RFC_NO_AUTHORITY

523300     auth/rfc_autority_check profile parameter is not checked

931252     Security Note: Authority Check for Function Group SRFC