At a remote call of a function module, an automatic authorization check is executed, if the profile parameter auth/rfc_authority_check is set to 1. The authorization check uses the authorization object S_RFC to check whether the user specified in the destination has an RFC authorization for the function group of the called function module.
At the remote call of a function module within the same system, the automatic authorization check is executed only if client and user ID differ. Across systems, the automatic authorization check is executed only outside of trusted systems. To specify a system as a Trusted System, use transaction SMT1.
The automatic authorization check is triggered by the implicit call of function module AUTHORITY_CHECK_RFC. If the authorization is missing, the function module triggers one of the excpetions USER_DONT_EXIST or RFC_NO_AUTHORITY defined in its interface and causes a runtime error. We recommend to call function module AUTHORITY_CHECK_RFC explicitly before a remote call to be able to treat a possible exception. If the authorization exists, the function module does not return an explicit result but, like all successfully executed function modules, sets sy-subrc to 0.