all good
I find the easiest way is to run a trace with the user with S_RFC asterisk. Run this in STAUTHTRACE so that it's in ALV format.
You can then get every RFC function module under the program. You will probably only see the S_RFC FUGR values instead of FUNC as it's checked first.
Build your PFCG by adding those into PFCG and the two S_RFCs will default in to authorisations - 1 will be deactivated, which is the FUGR values, whilst the FUNC values will remain.
Take off your S_RFC asterisk and then you can try again with the trace to see if any others are missing.
It's a bit quicker than sifting through ST22 short dumps.
Once you get the function modules you can then analyse the trace files for other permissions and update SU24 for the function module.
Think of it this way - we put all of the effort into implementing GRC. If you maintain SU24 properly then you get a better understanding as to why certain objects are in a role. Then, if SoD issues appear you can easily determine what impacts you have if you attempt to remove access.
Regards
Colleen