Data Storage Security for the Integration Engine

Use

The Integration Engine (IE) processes messages at runtime. This section provides information on what kind of data is stored in the IE during runtime and recommendations on how to increase the security level for that data.

Data Storage

At runtime, messages are stored in the IE for different purposes:

  • To ensure reliable message processing

  • To guarantee processing according to a specific Quality of Service

  • To enable access to a specific message version for administration purposes (for example, monitoring)

During runtime, a message passes through different processing steps in the IE. During processing, the message is changed subsequently.

As one example, during the receiver determination step, the receiver of a message is evaluated for an incoming message (according to the configuration settings in the Integration Directory). In order to ensure a correct outbound processing of a message, the receiver determined during that step is written into the message header. That means, during that step the message is changed. In other words, a new message version is created.

As another example, during the mapping step of the pipeline, the business data within the message payload is changed according to the applied mapping program.

More information:

Each message version can contain sensitive data. The kind of sensitive data that this includes depends on the scenario.

A message consists of the following parts:

  • Message header

    The header of a message contains the address information, for example, the name of a communication component. This data should be considered as sensitive because it might be possible to draw conclusions from the header data on the internal system landscape of a business partner the message is addressed to.

  • Payload

    The payload of a message contains the business data that is exchanged at runtime. Therefore, the payload might contain sensitive data of any level. In particular, even personal data information might be contained in a message payload.

  • Attachments

    This can be non-XML data, for example, pictures.

Data Protection

There are a number of measures in order to increase data security.

Encrypting Data

When a message is saved, it will remain encrypted also in case it has been sent already as an encrypted message.

To encrypt messages, you need to configure the corresponding communication channels and sender or receiver agreements. Note that not all adapters support message encryption.

More information: Message-Level Security

You have the option to encrypt message content (payload) on database level. This feature is supported for asynchronous messages that are saved on the IE message database using the staging function.

Using this option, always the complete payload of a message is encrypted on the database.

More information:

Reducing Storage Duration of Data

Messages sent by the IE to a sender (or canceled messages) are stored by default for 1 day (counted from the time when the message was either sent successfully or canceled). You can change the storage duration according to your needs. To increase data protection, you can in particular decrease the storage duration.

To do that, perform the steps described under Archiving and Deleting .

Deleting Data

The standard procedure to clean up the message storage is to schedule the delete job in a reasonable way as described above.

Access Protection

You can prevent unauthorized users from displaying sensitive message content in message monitoring.

You can use the tools in transaction SXMB_MONI for message monitoring.

More information: Monitoring the Integration Engine

To prevent misuse, restrict access permission to authorized users.

More information: Roles (AS ABAP)

Change Protection

You can prevent unauthorized users from modifying message content.

Users with specific permissions can edit messages and re-start processing the modified message.

More information: Editing Messages

The following parts of a message can be modified:

  • Header

  • Payload

To prevent from misuse, make sure that the authorizations to edit messages are not granted to unauthorized users.

To edit messages in monitoring, you need the SAP_XI_MESSAGE_MODIFY and SAP_XI_BPE_MONITOR_ABAP roles. Both are part of the SAP_XI_MONITOR_ENHANCED composite role.

Logging Data Access

When you have encrypted message content on database level (see above), access to message content is logged with the Security Audit Log tools of AS ABAP.

More information: Security Audit Log