KB #0015: Minimum ABAP Permissions for RFCSession and TableReader

RFC Permissions

To be able to call RFC functions, users need at least the following permissions:

| Authorization Object | Activity | Parameter | Value |
|---|---|---|---|
| S_RFC | Execute (16) | RFC_TYPE | FUGR |
| | | RFC_NAME | SYST, RFC1, SYSU, SDIFRUNTIME, RFC_METADATA |

Alternatively, you can assign the role SAP_BC_JSF_COMMUNICATION to your user; it contains all the necessary permissions.

In addition to the function groups listed above, you need to add the function groups or modules you want to call.

Further information can be found in SAP Note #460089.

Additional permissions for TableReader

To use TableReader, the following additional permissions are necessary:

| Authorization Object | Activity | Parameter | Value |
|---|---|---|---|
| S_RFC | Execute (16) | RFC_TYPE | FUGR |
| | | RFC_NAME | SDTX |
| S_TABU_DIS | Display (03) | DICBERCLS | Authorization group (as defined in TDDAT) |
| S_TABU_NAM | Display (03) | TABLE | Name of the table(s) or * |
| S_TABU_CLI | - | CLIIDMAINT | X |
| S_TABU_LIN | - | (several) | (used for row-level authorization) |

Note: You can assign either S_TABU_DIS (access control by table group) or S_TABU_NAM (access control by table name). S_TABU_CLI is necessary if the table is client-independent (e.g. has no MANDT column).

Further information about table authorization can be found in SAP Note #1516880.
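The following added example (not part of the original KB article or of the product) audits a role definition against the two tables above: it reports required values that are missing and flags bare `*` grants that go beyond the minimum. The dictionary layout of the role, the sample roles and the table name T001 are assumptions made for the example; activities are not checked.

```python
from fnmatch import fnmatchcase

# Minimum function groups, copied from the two tables on this page.
RFC_BASE = {"SYST", "RFC1", "SYSU", "SDIFRUNTIME", "RFC_METADATA"}
RFC_TABLEREADER = {"SDTX"}

def covers(granted, needed):
    """True if any granted value (literal or '*' pattern) matches needed."""
    return any(fnmatchcase(needed, g) for g in granted)

def audit(role, tables=(), table_reader=False):
    """Return (missing, overbroad) for a role.

    role maps (object, field) -> set of values. This layout is an assumption
    of the example, not an SAP export format.
    """
    missing = []
    if not covers(role.get(("S_RFC", "RFC_TYPE"), set()), "FUGR"):
        missing.append("S_RFC RFC_TYPE=FUGR")
    names = role.get(("S_RFC", "RFC_NAME"), set())
    needed = RFC_BASE | (RFC_TABLEREADER if table_reader else set())
    missing += [f"S_RFC RFC_NAME={n}" for n in sorted(needed) if not covers(names, n)]
    if table_reader:
        by_name = role.get(("S_TABU_NAM", "TABLE"), set())
        by_group = role.get(("S_TABU_DIS", "DICBERCLS"), set())
        # Either object is enough. The table-to-group mapping lives in TDDAT,
        # so S_TABU_DIS is only checked for presence here.
        missing += [f"S_TABU_NAM TABLE={t} (or S_TABU_DIS)"
                    for t in tables if not covers(by_name, t) and not by_group]
    # A bare '*' is valid but grants every function group or table.
    overbroad = sorted(f"{o} {f}=*" for (o, f), v in role.items() if "*" in v)
    return missing, overbroad

# Constructed sample roles (illustrative values, not real exports).
TIGHT = {
    ("S_RFC", "RFC_TYPE"): {"FUGR"},
    ("S_RFC", "RFC_NAME"): RFC_BASE | RFC_TABLEREADER,
    ("S_TABU_NAM", "TABLE"): {"T001"},
}
LOOSE = {
    ("S_RFC", "RFC_TYPE"): {"FUGR"},
    ("S_RFC", "RFC_NAME"): {"*"},
    ("S_TABU_NAM", "TABLE"): {"*"},
}

if __name__ == "__main__":
    for name, role in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, audit(role, tables=["T001"], table_reader=True))
```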