SAP NetWeaver systems are basically SAP systems that mostly use SAP GUI, such as SAP ERP and SAP S/4HANA.
To start the configuration to SAP Access Control, the first step is to establish some RFC connections. RFCs will allow your systems to communicate. We recommend two-way communications, which means RFCs must be established in both systems.
Note that you must have communication type users ready in both systems before starting with the configuration. These IDs can have the SAP_ALL and SAP_NEW assigned profiles along with authorization objects S_RFC and S_RFCACL, which are not part of the SAP_ALL profile by default.
To create an RFC connection, follow these steps:
- Log on to SAP Access Control system.
- Execute Transaction SM59.
- Click Create.
- Enter a name in the RFC Destination field, which is a free text field. We recommend you give the destination in an easy-to-read name, for example, TGDCLNT100.
- For the Connection Type field, maintain 3 ABAP Connection, which is the connection type used for SAP NetWeaver systems.
- Maintain the Description 1 field, as required.
- Under the Technical Settings tab, maintain the Target Host field with either IP address or host name and maintain the Instance No. field, as shown in this figure.
- Now, under the Logon & Security tab, maintain the RFC user ID in the User field as well as the PW Status field, as shown below.
- Click Save.
- Go back to the main screen, and you should see the RFC destination you just created.
Note: You can follow these steps to create an RFC connection in all backend systems. Ensure that this RFC connection and the associated user are only utilized for SAP Access Control system activities.
We recommend performing a connection and authorization test before proceeding with the next set of configurations. To perform this test, follow these steps:
- Open the RFC connection from Transaction SM59.
- Go to Utilities _ Test _ Connection Test, as shown in this figure.
- Once the connection test is successful, you can see the successful test screen, as shown below.
- Repeat these steps to test all authorizations. If an issue arises with a user name and password, you may see an error message like the one shown here.
Editor’s note: This post has been adapted from a section of the book SAP Access Control: The Comprehensive Guide by Raghu Boddu.