Working with White Lists

Use

Using white lists you store security-relevant settings for different actions on client cumputers within your system landscape.

Control ACFUpDownload

You must define the following in the white list:

in whcih local target directories files are stored which you can download from outside your system landscape and from which start servers it is allowed to download these files outside your landscape.
from which local start directories it is to be possible to upload files to locations outside you system landscape and to which target target servers outside of your landscape it is allowed to upload files.

Control ACFExecute

If files are to be executed (control ACFExecute), other settings must be made for the white list. In this case you must define

which types of files are to be allowed to be executed.
Which values the parameters can have that can possibly be copied over during the program call.

Office Control (Interface IF_IOS_PROJECT)

You must define the following in the white list:

In which local Target Directories files that you download from outside the system landscape can be stored.
from which local start directories from which it is to be possible to upload files to locations outside of your system landscape.

To be able to work with a white list, you first need a certificate for each affected SAP system. This certificate is created directly in the system and stored in table WDR_ACF_WL_CERT (see Creating Certificates). The certificate is needed later to decrypt encrypted whitelists on the client computer. The certificate must therefore be distributed to all client cimputers for which it is relevant (see Distributing Certificates to Client Computers).
The SAPCRYPTOLIB library must be installed. For more information, see SAP Note 455033 - SAPCRYPTOLIB. Use transaction STRUST to check the installation of SAPCRYPTOLIB and to determine if entry SAPCRYPTOLIB exists.

Depending on which control is to be used, you need to make the following (mandatory or optional) white list settings:


Control/Interface used	White list settings
`ACFUpDownload`	Mandatory: Target directory and Define start server (see Defining Downloads (Server -> Directory)) Start directory and Define target server (see Defining Uploads (Directory -> Server))
`ACFExecute`	Mandatory: Defining File Enhancements Defining Applications Optional: You can also make the following additional security-relevant restrictions: Defining Parameters Defining Parameter Values
Interface `IF_IOS_PROJECT` of OfficeControl Other interfaces of this control are not affected by the mandatory use of a white list.	Mandatory: Define the Target Directory (see Defining Downloads (Server -> Directory)) Define the Start Directory (see Defining Uploads (Directory -> Server))