Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

restrict fun module

Go to solution
Former Member

‎2010 Apr 28 2:45 PM

0 Likes
615

Hi all,

I need to restrict the function module to run only from proxy. It should not be allowed to run independently. Can you guys give some suggestion

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2010 Apr 28 3:27 PM

0 Likes
571

hi,

You can use a "AUTHORITY-CHECK" or you can develope a test code, testing who runs the RFC.

I advice to use SY variables.

4 REPLIES 4
Read only

Go to solution
Former Member

‎2010 Apr 28 3:27 PM

0 Likes
572

hi,

You can use a "AUTHORITY-CHECK" or you can develope a test code, testing who runs the RFC.

I advice to use SY variables.

Read only

Go to solution
Sandra_Rossi
Active Contributor

‎2010 Apr 28 3:46 PM

0 Likes
571

who else could call this function module? do you mean external RFC calls? in that case, protect all the other RFC function modules too!

Read only

Go to solution
Former Member
In response to Sandra_Rossi

‎2010 Apr 28 3:54 PM

0 Likes
571

Hi,

We do not want any one to run the FM independently.

Thnx

Read only

Go to solution
Sandra_Rossi
Active Contributor
In response to Sandra_Rossi

‎2010 Apr 28 5:26 PM

0 Likes
571

in production, nobody can call a program or function module directly (unless you give them the authorizations!)

Nevertheless, you may think of developers who create a program and call this function module in a hidden manner, and transport it to production (like a kind of hacker attack). In that case, yes, add an authority-check, that should work unless the developer is a friend on an administrator. In that case, I suggest that you trace administrator's work. Moreover, you may revoke authorizations via S_DEVELOP authorization object in the development system so that nobody is able to change this function module. If a developer tries to overpass this authorization check by debug, administrators should be able to see that in the SM21 log.