19:12 When comparing to the description given in SAP Note 2216306, one hase to refrain from setting values for which it is stated 'In the case of an RFC logon in the same system with the same user and client, no authorization check is executed.' and additionally the ones which only take effect for some FuBas 'if this is called from SAP GUI' (for other reasons). Knowing this, I end up with the value '2' (obsolete) and '9'. For the value '9' SAP states 'this value scarcely brings about any security improvement in comparison with the value 6.' It seems this statement misses the while internal conversation scenario. SAP should reconsider their recommendation. 47:13 Some month ago, I convinced SAP to make an adjustment in the UCON framework, as it blocked the assignment of certain function modules (mostly of group SRFC) to the SNC_CA. The fix was provided in SAP note 3352382.