Create an RFC User in SAP

Jimbo's picture

Many tools associated with SAP rely on Remote Function Calls or RFCs. A great example of a tool that utilizes RFCs is the automated obsolescence determination tool.

RFCs don't operate in a vacuum of security; they require an account in SAP with appropriate permissions. It may be that the BASIS team or security team may not know what it means to make an account "RFC-capable". This whitepaper is a primer for the creation of RFC users.

Start with the User Maintenance transaction. It's in the SAP Easy Access menu system under Tools→Administration→User Maintenance→Users. Alternatively, the same transaction can be accessed using the transaction code SU01.
Access User Management through SAP Easy Access.

Type in the name of the new RFC user and then click the New button. For the purpose of this whitepaper the user name "rfc_user" will be used.
Create a new RFC user from User Maintenance.

Under the Logon data tab select the "Service" radio button. This tells SAP that this user will not log in using SAP GUI, but instead performing Remote Function Call as part of an external system.
Select 'Service' from Logon Data tab.

Under the Profiles tab add the S_A.SCON profile. This gives the user the permission to log into SAP and perform RFCs.
Add 'S_A.SCON' profile under the Profile tab.

Click the "Save" button. When the User saved message appears the RFC user account has been created. All that is left at this point is testing.