As a technical framework that enables changes to be made to business-critical interface data, the SAP Application Interface Framework is required to save user-related information that could be marked as personal, private, or confidential. The SAP Application Interface Framework provides you with authorizations you can use to limit access to this information.
The following user-related or potentially confidential data is saved and could be accessed using the SAP Application Interface Framework:
Single or multi message index table
The single or multi message index tables, which record aggregated information on a per-data-message-level, contain fields for the following:
The user name of the user that processed the message along with the date and time of the initial message processing
The user name of the user that last changed the message (restarted or canceled it) along with the date and time of the action
Data in the single or multi index tables is not visible on any screen in the SAP Application Interface Framework. It can only be accessed through direct database query or the ABAP dictionary.
Log of changes in error handling
Changes to a data message’s field values, which originated from the Monitoring and Error Handling
transaction, are recorded in a log table. The following information is saved:
The name and path of the changed field along with the old and new value
The user name of the user who initiated the change along with the date and time of the change
The change log data can be viewed in the Error Handling Changes Log
(transaction code /AIF/EDCHANGES), which you can access from the SAP Easy Access menu by choosing . The transaction enables the user to see a list of changes. It is only when the user selects a change
log entry and chooses to view the details that the user name of the user who made the change is displayed.
Note
This transaction is protected by authorization object S_TCODE.
Information contained in interface data
Depending on your interfaces, message data can contain personal, private, or confidential information. This information can be accessed by all users who have the authorization to display or change messages of the interface
in the Monitoring and Error Handling
transaction. If you identify such information and do not want the information to be available for error handling, you can define the corresponding structures as Hide Structures
. You do this in Customizing
for SAP Application Interface Framework
under .