With the reginfo file you can control the registration of external programs in the gateway.
Certain programs can be allowed to register from an external computer by specifying the relevant information. You can also control access to the registered programs and cancel registered programs.
You have set parameter gw/reg_info (see Security Parameters).
Create the file reginfo in your chosen location in the file system (defined by gw/reg_info).
Entries in the file must satisfy the following syntax:
TP=<tp> [HOST=<host name>,...] [NO=<n>] [ACCESS=<host name,...>] [CANCEL=<host name,...>]
Comment lines begin with '#'
The individual options can have the following values:
· TP name (TP=): maximum 64 characters, blank characters not allowed. The wild card character * stands for any number of characters; the entry * therefore means no limitation, fo* stands for all names beginning with fo; foo stands precisely for the name foo.
· Host name (HOST=, ACCESS= and/or CANCEL=): The wild card character * stands for any host name; *.sap.com for a domain; sapprod for the host sapprod.
· IP address (HOST=, ACCESS= and/or CANCEL=): Instead of host names you can also use IP addresses. Examples of valid addresses are:
  · All address strings: 1.2.3.4, A:B:C:D:E:F:1:2, A:B:C:D:E:F:1.2.3.4, A:B
  · Standard address prefixes: 192.1.1.3/12, A:B:C:D:E:1:2/60
  · Old SAProuter wild cards: 192.1.1.*, 192.1.1.101xxxxx
· Number (NO=): Number between 0 and 65535. If the TP name has been specified without wild cards, you can specify the number of registrations allowed here.
Example: TP=foo NO=1 means that only one program with the name foo is allowed to register; all further attempts to register a program with this name are rejected. If this addition is missing, any number of servers with the same ID are allowed to log on.
To control access from the client side too, you can define an access list for each entry. This is a list of host names that must comply with the rules above, although the '*' is not permitted. If no access list is specified, the program can be used from any client. The local gateway where the program is registered always has access.
What is important here is that the check is made on the basis of hosts and not at user level.
TP=foo ACCESS=*.sap.com
Program foo is only allowed to be used by hosts from domain *.sap.com. Access attempts coming from a different domain will be rejected. Of course the local Web AS is allowed access.
To permit use by registered servers from the local Web AS only, the following entry must be made in the file.
TP=* ACCESS=local [CANCEL=local]
To control the cancellation of registered programs, a cancel list can be defined for each entry (same as for the ACCESS list). If no cancel list is specified, any client can cancel the program. The local gateway where the program is registered can always cancel the program.
In the gateway monitor (transaction SMGW) choose Logged on Clients, use the cursor to select the registered program, and choose Goto → Delete Client.
The RFC library provides functions for closing programs. If this client does not match the criteria in the CANCEL list, then it is not able to cancel a registered program. No error is returned, but the number of cancelled programs is zero.
Examples of valid entries
Entry | Meaning
TP=* HOST=* | All registrations allowed
TP=foo* HOST=* | Registrations beginning with foo and not f or fo are allowed
TP=foo* | All registrations beginning with foo but not f or fo are allowed (missing HOST rated as '*')
TP=* HOST=*.sap.com | All registrations from domain *.sap.com are allowed
TP=* ACCESS=*.sap.com | Only clients from domain *.sap.com are allowed to communicate with this registered program (and the local Web AS is always allowed to).
TP=* ACCESS=local | Only clients from the local Web AS are allowed to communicate with this registered program.
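
The following is an added example, not part of the original documentation: a small Python check that parses entries in the syntax above and reports where the defaults described on this page leave an entry open (missing HOST rated as '*', no ACCESS list, no CANCEL list, no NO= limit on an exact TP name). The function names and sample entries are constructed; the parser assumes options are separated by blanks and list values by commas without blanks.

```python
# Constructed sample reginfo content (not taken from a real system).
SAMPLE = """\
# sample entries
TP=* HOST=*
TP=foo NO=1 ACCESS=*.sap.com
TP=bar HOST=sapprod ACCESS=local CANCEL=local
"""

LIST_KEYS = ("HOST", "ACCESS", "CANCEL")  # options that take a host list

def parse_reginfo(text):
    """Return [(line_no, options)] for every non-comment entry."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # comment lines begin with '#'
            continue
        opts = {}
        for tok in line.split():  # assumption: options separated by blanks
            key, sep, val = tok.partition("=")
            if not sep or not val or key not in ("TP", "NO") + LIST_KEYS:
                raise ValueError(f"line {n}: unknown option {tok!r}")
            opts[key] = val.split(",") if key in LIST_KEYS else val
        if "TP" not in opts or len(opts["TP"]) > 64:
            raise ValueError(f"line {n}: TP missing or longer than 64 characters")
        no = opts.get("NO", "0")
        if not no.isdigit() or int(no) > 65535:
            raise ValueError(f"line {n}: NO must be between 0 and 65535")
        entries.append((n, opts))
    return entries

def audit(entries):
    """Report where the defaults described on the page leave an entry open."""
    findings = []
    for n, o in entries:
        if "*" in o.get("HOST", ["*"]):  # missing HOST is rated as '*'
            findings.append((n, "registration allowed from any host"))
        if "ACCESS" not in o:
            findings.append((n, "no ACCESS list: usable from any client"))
        if "CANCEL" not in o:
            findings.append((n, "no CANCEL list: any client can cancel"))
        if "*" not in o["TP"] and "NO" not in o:
            findings.append((n, "no NO= limit on an exact TP name"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(parse_reginfo(SAMPLE)):
        print(f"line {n}: {msg}")
```

Each finding is a review prompt rather than an error: an entry may be intentionally open, but the check makes every such entry visible.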