Skip to Content

Quick n Dirty Disable all RFC hosts after production system refresh to QA (to stop RFC outbound leaks).

If you don’t want any possibility RFC leaks after refresh.

After database reset and rename, before you startsap for the first time use the sqlplus tool (or equivalent for your Database)

sqlplus / as sysdba

Step 1: Backup rfcdes table.

SQL> create table sapr3.rfcdes_sav as select * from sapr3.rfcdes;

Step 2: Update all entries, including locked RFC entries

SQL> update sapr3.rfcdes set rfcoptions=replace(rfcoptions,’H=’,’H=disabledforqa.’);

SQL> commit;

This will change all hostnames to for example “H=disabledforqa.150.45.152.140,S=00,M=110,L=E,v=57F23915472A221E2149D13B5317,u=Y” which will effectively block any external access.

Step 3: Startsap (normally with rdisp/wp_no_btc = 0 )

Step 4: Using /nsm59 change only those RFC’s needed for new system

Reversal:

SQL> update sapr3.rfcdes set rfcoptions=replace(rfcoptions,’H=disabledforqa.’,’H=’);

Be the first to leave a comment
You must be Logged on to comment or reply to a post.