-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
- Autonomous Enterprise
- Artificial intelligence
- Data and analytics
- Autonomous Suite
- Technology platform
- Transformation management
- Midsize business solutions
- Financial management
- Spend management
- Supply chain management
- Human capital management
- Customer experience
- Enterprise resource planning
- Business network
- Sustainability management
- SAP Store
- Try SAP
- View all industries
- Partners
- Services
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- Autonomous Enterprise
- Artificial intelligence
- Data and analytics
- Autonomous Suite
- Technology platform
- Transformation management
- Midsize business solutions
- Financial management
- Spend management
- Supply chain management
- Human capital management
- Customer experience
- Enterprise resource planning
- Business network
- Sustainability management
- SAP Store
- Try SAP
- View all industries
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Products and Technology
- Additional Blog Posts by SAP
- RFC Callback Whitelist
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
As of SAP Basis 740 (downported to ABAP 731 with Kernel 7.21 SP 321), we have introduced the callback whitelist for each RFC destination.
When you use the ABAP statement "CALL FUNCTION <func> DESTINATION <DEST>" to call a synchronous RFC, you can, when executing the remote function module (<func>), use a synchronous RFC with the predefined destination "BACK" (that is, via the ABAP statement "CALL FUNCTION <funcBack> DESTINATION 'BACK'" (also known as an RFC callback)) to execute a remote-enabled module (<funcBack>). The following prerequisite applies: If the RFC authorization check is activated (see SAP Note 93254) on the calling side, the caller must have the necessary RFC authorization. Otherwise, execution of the function module (<funcBack>) terminates with a corresponding error message.
Comment: In the RFC runtime, an RFC callback is supported during the synchronous RFC only. During other types of RFCs, such as during an asynchronous RFC, a transactional RFC or a background RFC, an RFC callback is not supported.
You can find more detailed information in SAP note 1686632 .
For example,
CALL FUNCTION ‘F2’ DESTINATION ‘BACK
- 1. Each RFC Destination has an activation switch for its callback whitelist.
- 2. Profile parameter rfc/callback_security_method determines the system behavior:
Value 0: Emergency fallback mode:
All whitelists are ignored.
Value 1: Compatibility mode (default value):
Only callbacks prohibited by active whitelists are rejected.
Value 2: Simulation mode:
Only callbacks prohibited by active whitelists are rejected.
Callbacks prohibited by non-active whitelists are allowed, but logged in SAL.
Value 3: Most secure mode:
Callbacks prohibited by active or non-active whitelists are rejected.
If you set the parameter to 0, or 1, you will see a red alert message "RFC callback chk not secure".
You can define the whitelist in SM59 -> Logon & Security -> Callback whitelist.
Bluesky- External Workflow for S/4HANA Sales Orders: Event Mesh + CAP + SAP Build Process Automation in Enterprise Resource Planning Blog Posts by SAP
- ABAP AI Meets Workflow: ISLM-Powered Routing in S/4HANA in Enterprise Resource Planning Blog Posts by SAP
- SAP Cloud Integration (CI/CPI) - Reusable Script Collection Pattern for Sensitive Data Masking in Technology Blog Posts by SAP
- SAP BTP - APIM - DDCR - Deterministic Routing Mechanism JavaScript Policy full explanation each step in Technology Blog Posts by Members
- Agentic AI on BTP: a Multi‑Agent App with Pydantic AI in Technology Blog Posts by Members
