Cause
From the corrections from SAP Note 1686632, profile parameter rfc/callback_security_method can be used to prevent “RFC callbacks”. In Central User Administration (CUA), report SUSR_ZBV_GET_RECEIVER_PROFILES uses precisely this RFC callback option to perform the “text comparison” for all child systems.
If you have restricted usage of RFC callbacks on the central CUA system to value 3 using the profile parameter mentioned above, or if you plan to do this, the CUA text comparison will not work any more if the callback whitelist entries are not correctly maintained in the RFC connections.
Description
Report RSUSR_CUA_CALLBACK_WHITELISTS is used to automatically enter callback whitelist entries required for central CUA in the RFC connections in transaction SM59.
The report has a test mode, which performs all actions but does not save them.
The result, errors and warnings are displayed in the form of a business application log (BAL). Note that this is not saved.
The report can be executed multiple times, as it recognizes existing whitelist entries and only adjusts RFC connections that still contain the entries.
As of SAP_BASIS Release 7.50 and the corrections from SAP Note 2585923, static configuration of the callback whitelists per RFC connection is no longer necessary. So long as the text comparion (report SUSR_ZBV_GET_RECEIVER_PROFILES) does not detect any matching static callback whitelist entries in SM59, it works alternatively with dynamic RFC connections. These RFC connections that are created at runtime, also then only contain the entries required for the text comparison in their callback whitelist.
In the case of large CUA landscapes, the runtime behavior of the text comparison in report SUSR_ZBV_GET_RECEIVER_PROFILES can differ depending on whether dynamic or static RFC connections are used. It might therefore be of advantage to define the callback whitelists as static in report RSUSR_CUA_CALLBACK_WHITELISTS.
Requirements
Report RSUSR_CUA_CALLBACK_WHITELISTS can only be run in a central CUA system. The user executing it requires the corresponding authorizations to change the RFC connections to all CUA child systems.
