Connecting an SAP NetWeaver System to SAP Access Control

SAP NetWeaver systems are basically SAP systems that mostly use SAP GUI, such as SAP ERP and SAP S/4HANA.


To start the configuration to SAP Access Control, the first step is to establish some RFC connections. RFCs will allow your systems to communicate. We recommend two-way communications, which means RFCs must be established in both systems.


Note that you must have communication type users ready in both systems before starting with the configuration. These IDs can have the SAP_ALL and SAP_NEW assigned profiles along with authorization objects S_RFC and S_RFCACL, which are not part of the SAP_ALL profile by default.


To create an RFC connection, follow these steps:

  1. Log on to SAP Access Control system.
  2. Execute Transaction SM59.
  3. Click Create.
  4. Enter a name in the RFC Destination field, which is a free text field. We recommend you give the destination in an easy-to-read name, for example, TGDCLNT100.
  5. For the Connection Type field, maintain 3 ABAP Connection, which is the connection type used for SAP NetWeaver systems.
  6. Maintain the Description 1 field, as required.
  7. Under the Technical Settings tab, maintain the Target Host field with either IP address or host name and maintain the Instance No. field, as shown in this figure.

RFC Destination Definition

  1. Now, under the Logon & Security tab, maintain the RFC user ID in the User field as well as the PW Status field, as shown below.

RFC Logon & Security Tab

  1. Click Save.
  2. Go back to the main screen, and you should see the RFC destination you just created.

Note: You can follow these steps to create an RFC connection in all backend systems. Ensure that this RFC connection and the associated user are only utilized for SAP Access Control system activities.


We recommend performing a connection and authorization test before proceeding with the next set of configurations. To perform this test, follow these steps:

  1. Open the RFC connection from Transaction SM59.
  2. Go to Utilities _ Test _ Connection Test, as shown in this figure. 

RFC Test Options

  1. Once the connection test is successful, you can see the successful test screen, as shown below. 

Authorization (Connection) Test Successful

  1. Repeat these steps to test all authorizations. If an issue arises with a user name and password, you may see an error message like the one shown here.

Authorization (Connection) Test Failure


Editor’s note: This post has been adapted from a section of the book SAP Access Control: The Comprehensive Guide by Raghu Boddu.


SAP Access Control: The Comprehensive Guide
SAP Access Control: The Comprehensive Guide

Manage on-premise user access with this comprehensive guide to SAP Access Control. Begin with step-by-step installation and configuration instructions. Then implement key SAP Access Control modules, including access risk analysis, emergency access management, and access request management. Learn to manage business roles, review user access, evaluate segregation of duties risks, and configure automation workflows. This is your all-in-one guide to SAP Access Control!

Learn More

SAP PRESS is the world's leading SAP publisher, with books on ABAP, SAP S/4HANA, SAP CX, intelligent technologies, SAP Business Technology Platform, and more!