Solution : https://service.sap.com/sap/support/notes/642202 (SAP Service marketplace login required)
Summary :
RFC users should not employ the SAP_ALL profile for security reasons. Instead, create a custom role with restricted basis authorizations using transaction PFCG in the role maintenance. Deactivate certain authorizations, especially in 'Basis Administration' and 'Basis Development Environment', to minimize security risks. Key authorizations to deactivate include S_ADMI_FCD, S_USER_AGR, and S_DEVELOP among others. Save these settings and assign the new profile to the RFC user in the backend system via SU01 to ensure proper access level and security compliance.
Key words :
choose menu option 'utilities -> technical names, choose menu option 'edit -> insert authorization, terms srm-ebp-adm-usr, system specific assignment authorization checks, object class 'basis development environment', choose 'change authorization data', object class 'basis administration', deactivate authorization objects globally, dialog box 'insert, back-end system
Related Notes :
| 775011 | EBP 4.0+: Report B_UPLOAD_COST_CENTER_ATTRIBUTE incorrect |
| 548862 |