Re: Which RFC connection is the user using?

Hi Ilian,

From below Best Practice - How to analyze and secure RFC connections - Security and Identity Management - SCN Wiki

1. Monitor RFC calls in RFC client systems
   1. Monitor the RFC calls on the new users with the Security Audit Log dynamic filters in transaction SM19 to be able to build their role later. Make sure you only activate it for them and that your file size is sufficient.
   2. Also consider the RFC Server Profile of the Workload Statistics in transaction ST03N for the old users to start with analysis (see How to get RFC call traces to build authorizations for S_RFC for free!).
   3. Meanwhile, monitor the RFC logons of the old users with transaction/report RSUSR200 until they stop logging on. You need to give this at least a month's time before removing their access first (so that any callers still coming in will write an ST22 dump to alert you about the user still existing in a connection somewhere. Later you can lock them and "retire" them to a user group for the same. Do not delete them, as you might well need the ability to access change documents specific to them later (e.g. during an audit).

Hope this helps.

Regards,

Deepak Kori