Hi,
you should not try to create one massive role that will be used for every RFC user. You should try to create a tailored role for each user. E.g. if a RFC user is used to create sales orders by some external app then this user should be authorized to create these sales orders only. So in case this external app gets compromised the attacker won't be able to gain access to your ECC system by misusing RFC connection. This obviously requires some effort.
For a quick solution that lowers the risk but it's not the best you can try to use SAP role that is delivered for workflow user WF-BATCH. It used to be common to assign SAP_ALL to WF-BATCH user but later SAP provided a role that removes some risky authorizations.
BTW unless you just upgraded you don't need to assign SAP_NEW to your users. You should read about meaning of SAP_NEW profile here on SCN.
Cheers