https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916112#M1483576 <HTML><HEAD></HEAD><BODY><P>who else could call this function module? do you mean external RFC calls? in that case, protect all the other RFC function modules too!</P></BODY></HTML> Wed, 28 Apr 2010 14:46:57 GMT Sandra_Rossi 2010-04-28T14:46:57Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916110#M1483574 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P> I need to restrict the function module to run only from proxy. It should not be allowed to run independently. Can you guys give some suggestion</P></BODY></HTML> Wed, 28 Apr 2010 13:45:51 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916110#M1483574 Former Member 2010-04-28T13:45:51Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916111#M1483575 <HTML><HEAD></HEAD><BODY><P>hi, </P><P></P><P>You can use a "AUTHORITY-CHECK" or you can develope a test code, testing who runs the RFC.</P><P></P><P>I advice to use SY variables.</P></BODY></HTML> Wed, 28 Apr 2010 14:27:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916111#M1483575 Former Member 2010-04-28T14:27:46Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916112#M1483576 <HTML><HEAD></HEAD><BODY><P>who else could call this function module? do you mean external RFC calls? in that case, protect all the other RFC function modules too!</P></BODY></HTML> Wed, 28 Apr 2010 14:46:57 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916112#M1483576 Sandra_Rossi 2010-04-28T14:46:57Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916113#M1483577 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P> We do not want any one to run the FM independently. </P><P></P><P>Thnx</P></BODY></HTML> Wed, 28 Apr 2010 14:54:37 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916113#M1483577 Former Member 2010-04-28T14:54:37Z https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916114#M1483578 <HTML><HEAD></HEAD><BODY><P>in production, nobody can call a program or function module directly (unless you give them the authorizations!)</P><P>Nevertheless, you may think of developers who create a program and call this function module in a hidden manner, and transport it to production (like a kind of hacker attack). In that case, yes, add an authority-check, that should work unless the developer is a friend on an administrator. In that case, I suggest that you trace administrator's work. Moreover, you may revoke authorizations via S_DEVELOP authorization object in the development system so that nobody is able to change this function module. If a developer tries to overpass this authorization check by debug, administrators should be able to see that in the SM21 log.</P></BODY></HTML> Wed, 28 Apr 2010 16:26:06 GMT https://community.sap.com/t5/application-development-and-automation-discussions/restrict-fun-module/m-p/6916114#M1483578 Sandra_Rossi 2010-04-28T16:26:06Z