Register Login

RFC short dump RFC_NO_AUTHORITY

Updated May 18, 2018

Error occurs during the short dump transaction (transaction code ST22)

In the ABAP short dump transaction (transaction code ST22), error ID RFC_NO_AUTHORITY gets generated.

What is the reason for the error to occur?

Remote Function Call authorization checks based on the (called) function groups can be performed with Release 31G.

The system automatically performs an RFC authorization check, when the instance profile parameter auth/rfc_authority_check is set (equal to 1). The authorization check refers to the function group of the function module to be called. A runtime error occurs, when no authorization exists. The function module AUTHORITY_CHECK_RFC can be used to check the authorization in advance. 

During each RFC access to the function module that is called (the check is performed against the relevant function module group), the RFC authorization check in the system is carried out. 

Authorization object S_RFC is used to perform the authorization check. This authorization object contains the following three fields:

RFC_TYPE: Type of RFC object to be protected

Presently, this field can have the value FUGR (function group).
Additionally, as of NetWeaver Release 702, this field can have the value FUNC (function module). 

RFC_NAME: Name of RFC to be protected

Currently, this field contains the names of function groups.
This field can have a maximum of 18 characters and at this stage a check is performed.

ACTVT:  Activity

Currently, this field can have the value 16 (Execute).
The authorization check is active by default (that is, auth/rfc_authority_check = 1) with Release 4.0.

Comment: This system behavior is documented and the ABAP online documentation contains information about this.

How can this error be resolved?

The options are as follows:

If the RFC authorization check is active (that is, auth/rfc_authority_check = 1):

The required authorizations for the function groups are assigned that are called to the user. At this stage, the applications that use this RFC user determine which authorization profile the user must receive. This profile should include all of the required function groups which are called using the RFC environment in the application.

The authorization S_RFC_ALL (all of the authorizations for executing RFCs) is assigned to the user. This authorization has the following values for the authorization object:  RFC_TYPE: '*', RFC_NAME : '*' and ACTVT: '*'. This action enables a user to call all of the remote-enabled function modules in the current system. It can also be said that the RFC authorization check is deactivated for the user.

One can create the same authorization with the specified attributes, if this authorization is not available in the current database. The profile value to zero (that is, auth/rfc_authority_check = 0) for each application server is reset to deactivate the RFC authorization check, and the server with the changed profile should be restarted. When the profile parameter is checked using transaction RZ10, the system may log the following error message: "E: Value 0 is less than default value 1". One can either ignore this error message, or can correct it as follows (this correction is no longer required as of Release 46):

a) Transaction RZ11 should be called.
b) The profile parameter auth/rfc_authority_check should be entered and "Display" should be chosen.
c) The "INT" OK code value should be entered in the Ok code field.
d) "Display <-> Change" should be chosen.
e) The transport request should be confirmed.
f) The "Parameter Type" attribute from "Integer value" should be changed to "Character String".
g) The change should be saved.
h) The transport should be released.

If the ABAP runtime error RFC_NO_AUTHORITY occurs with the short text:

No RFC authorization for function group "-1" for user "Wrong authority",

This problem can be corrected with the following patch levels:

* For Release 46B, with patch level 260 and the patch text:
      
RfcOpenEx works incorrect with saprfc.ini (Note 93254).

* For Release 46D, with patch level 21 and the patch text:
     
 rfc authority problem (Note 93254).

An error in the RFC authorization check can be corrected using the patch "RFC authority check failed". During the occurrence of this error RFC user was granted authorization, even though this was not defined in the user master record. This problem is corrected with the following patch levels:
    
* For kernel 31I: Patch level 545
* For kernel 40B: Patch level 743
* For kernel 45B: Patch level 531
* For kernel 46D: Patch level 195s was not defined in the user master record. 

Additionally, the ABAP runtime error RFC_NO_AUTHORITY which occurs with the short text:

For kernel 31I with patch level 554 and the patch text "RFC authority check failed after second call", no RFC authorization for function group "1" is corrected. 


×