ucon

On the basis of specially prepared RFC statistics records, an administrator decides which remote-enabled function modules (RFMs) are to be exposed to the outside and assigns them to a Default Communication Assembly (default CA) that is provided by the framework together with the default configuration and default host. Only the RFMs in the default CA can then be reached from the outside. Outside access is blocked for all other RFMs: they can no longer be accessed from outside the system, but can still be called for system-internal scenarios such as load balancing and asynchronous scenarios.

Note
Alongside the RFC Basic scenario, you can use the Role Builder scenario to determine which RFC authorizations are required and create appropriate user roles.

Process

Logging Phase
To achieve this protection, you must first find out which RFMs must be reachable from the outside in the affected system. To do this, you use the UCON framework to record the RFC calls in the relevant server system over a freely definable period, the logging phase. This does not affect performance, because the framework saves only the intended part of the statistics records collected by the system. After the selected period has expired, you can either assign all RFMs that were called from the outside to the default CA, or assign the RFMs that are to be exposed through the default CA individually. You can also assign additional RFMs to the default CA or remove an assignment.

Evaluation Phase
After the logging phase has expired, an evaluation or simulation phase follows. The duration of this phase can be selected individually. Here you can check without risk whether the business scenarios running in the system need more RFMs to be exposed than those already in the default CA. In this evaluation phase there are no consequences if a call to an RFM does not pass the runtime checks of Unified Connectivity. In this way you can find out which RFMs you still need to assign to the default CA, without a missing assignment blocking productive scenarios.

Productive Phase
Once the logging and evaluation phases have established that all required RFMs are in the default CA, the UCON runtime checks can be activated in a third phase (final or productive phase). The protection of the RFC server security scenario applies from this point: only the RFMs in the default CA are still reachable from the outside at runtime. If an RFM that is not in the default CA is called from the outside, a runtime error is raised with a corresponding error message and an entry in the system log.
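The three phases described above can be modelled in a few lines of Python. This is an added illustration, not SAP code or part of the UCON framework; the class, its field names and the Z_* function module names are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Phase(Enum):
    LOGGING = 1
    EVALUATION = 2
    FINAL = 3

@dataclass
class UconModel:
    """Toy model of the three phases (hypothetical names, not SAP code)."""
    phase: Phase = Phase.LOGGING
    default_ca: set = field(default_factory=set)
    logged_external: set = field(default_factory=set)
    would_fail: set = field(default_factory=set)
    syslog: list = field(default_factory=list)

    def call(self, rfm: str, external: bool) -> bool:
        """Return True if the call goes through."""
        if not external:
            return True                      # system-internal calls are never blocked
        if self.phase is Phase.LOGGING:
            self.logged_external.add(rfm)    # record only, no check yet
            return True
        if rfm in self.default_ca:
            return True
        if self.phase is Phase.EVALUATION:
            self.would_fail.add(rfm)         # failed check has no consequence
            return True
        self.syslog.append(f"UCON check failed: {rfm} is not in the default CA")
        return False                         # final phase: runtime error for the caller

def run_demo() -> UconModel:
    m = UconModel()
    # Constructed traffic; all RFM names are made up.
    m.call("Z_ORDER_STATUS_GET", external=True)
    m.call("Z_INTERNAL_RECALC", external=False)
    m.default_ca |= m.logged_external        # assign everything called from outside
    m.phase = Phase.EVALUATION
    m.call("Z_MONTH_END_EXPORT", external=True)  # rare job missed by the logging window
    m.default_ca |= m.would_fail             # administrator reviews the list and adds it
    m.phase = Phase.FINAL
    return m

if __name__ == "__main__":
    m = run_demo()
    for rfm in ("Z_ORDER_STATUS_GET", "Z_MONTH_END_EXPORT", "Z_DEBUG_DUMP"):
        print(rfm, "allowed" if m.call(rfm, external=True) else "blocked")
    print(m.syslog)
```

The month-end job shows why the evaluation phase exists: a logging window that is too short misses rarely called RFMs, and the simulation surfaces them before the final phase would reject them.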

Role Builder Scenario: Process
Analyze the required RFC notifications and create the relevant user roles.

Process
First, all function modules are selected on the basis of specific criteria (for example, the destination used, the client, or the user under which they run on the server side). In the next step you can assign function modules with the same authorization requirements to different Communication Assemblies (CAs) that you have created for this purpose. The assignment to a CA takes place on the basis of the attributes selected above. Using transaction PFCG, you can then create, for each CA, an ABAP user role that contains the corresponding authorization object SRFC.

Example
You have created a MyDEST destination and have defined a user for external RFC communication in this destination. After activating UCON logging, you can analyze the collected data by selecting all of the function modules that were called using the MyDEST destination and assigning them to a corresponding CA. Using transaction PFCG, you then create a user role with authorization object SRFC in which the authorization is granted only for the list of selected function modules. If you then assign this role to the user defined in the destination, an external client can call only those function modules that are defined in the list.

UCON CCMS Monitoring: Functions
Detailed information for monitoring UCON processes in the CCMS Monitor (transaction RZ20).

In the following section you find a detailed description of the functions of the UCON CCMS Monitoring that are available in the central CCMS Monitor (transaction RZ20). The individual monitoring functions are shown in the following navigation nodes:

Prerequisites
Worklist for UCON Phase Tool
Transport Status of Phase Assignments
Status of Runtime and Design Time
Status of Batch Jobs