KB #0015: Minimum ABAP Permissions for RFCSession and TableReader
RFC Permissions
To be able to call RFC functions, users need at least the following permissions:
| Authorization Object | Activity | Parameter | Value |
|---|---|---|---|
S_RFC |
Execute (16) |
RFC_TYPE |
FUGR |
RFC_NAME |
SYST, RFC1, SYSU, SDIFRUNTIME, RFC_METADATA |
Alternatively, you can assign the role SAP_BC_JSF_COMMUNICATION to your user, it contains all the necessary permissions.
In addition to the function groups listed above, you need to add the function groups or modules you want to call.
Further information can be found in SAP Note #460089.
Additional permissions for TableReader
To use TablesReader, the following additional permissions are necessary:
| Authorization Object | Activity | Parameter | Value |
|---|---|---|---|
S_RFC |
Execute (16) |
RFC_TYPE |
FUGR |
RFC_NAME |
SDTX |
||
S_TABU_DIS |
Display (03) |
DICBERCLS |
Authorization group (as defined in TDDAT) |
S_TABU_NAM |
Display (03) |
TABLE |
Name of the table(s) or * |
S_TABU_CLI |
- | CLIIDMAINT |
X |
S_TABU_LIN |
- | (several) | (used for row-level authentication) |
Note: You can assign either S_TABU_DIS (access control by table group) or S_TABU_NAM (access control by table name). S_TABU_CLI is necessary if the table is client-independent (e.g. has no MANDT column).
Further information about table authorization can be found in SAP Note #1516880.
