There are several security aspects you need to consider when configuring the option to give feedback.
Authorization Object | Field | Value | Description |
---|---|---|---|
S_ADMI_FCD |
S_ADMI_FCD |
PADM |
These authorizations are required to allow the ICM to load the ChipCert.pse file. |
S_APPL_LOG |
ACTVT |
03 |
These authorizations are required to display the entries that the end-user feedback function writes to the application log. |
ALG_OBJECT |
/UI2/BE |
||
ALG_SUBOBJ |
/UI2/INTEROP |
||
S_DATASET |
ACTVT |
06 |
These authorizations are required to import the ChipCert.pse file and the Baltimore CyberTrust Root.cer certificate. |
33 |
|||
34 |
|||
FILENAME |
* |
||
PROGRAM |
SAPLSSFM |
||
SAPLSSFP |
|||
SAPLSSFR |
|||
S_DEVELOP |
ACTVT |
03 |
These authorizations are required to import the ChipCert.pse file and the Baltimore CyberTrust Root.cer certificate. |
DEVCLASS |
/UI2/SERVICES_INTEROP_700 |
||
OBJNAME |
Leave empty |
||
OBJTYPE |
SMIM |
||
P_GROUP |
Leave empty |
||
S_GUI |
ACTVT |
61 |
These authorizations are required to display the entries that the end-user feedback function writes to the application log. |
S_RFC_ADM |
ACTVT |
02 |
These authorizations are required to create an RFC connection to the SAP cloud service that collects the end-user feedback. |
ICF_VALUE |
Leave empty |
||
RFCDEST |
SAP_USER_FEEDBACK_HTTPS |
||
RFCTYPE |
Leave empty |
||
S_RZL_ADM |
ACTVT |
01 |
These authorizations are required to import the ChipCert.pse file and the Baltimore CyberTrust Root.cer certificate. |
S_TABU_DIS |
ACTVT |
02 |
These authorizations are required to import the ChipCert.pse file. |
DICBERCLS |
SCUS |
This is done to remove the specific authorizations needed to set up the end-user feedback. After removing transaction /UI2/FEEDBACK_SETUP, you need to regenerate the authorization profile in transaction PFCG
The program to configure the option to give feedback performs security-relevant steps.
In the Configuration of RFC Connections (transaction SM59), the program creates HTTP destination SAP_USER_FEEDBACK_HTTPS under HTTP Connections to External Server.
All feedback data is transferred to SAP via an HTTPS encrypted connection. To make sure the data is only sent to the legitimate SAP service, the certificate of the target server is verified. To trust SAP’s service, you need to import the certificate of the issuing certification authority (CA) “Baltimore CyberTrust”. Note that this trust is client-independent.
You can import this certificate automatically using the checkbox provided by the program /UI2/USER_FEEDBACK_SETUP. The tool takes the certificate from the MIME repository.
You can also import the certificate manually:
After the import, the program triggers the Internet Connection Manager (ICM) to take the Baltimore CyberTrust Root.cer certificate into account. This means that outgoing HTTPS connections to servers with certificates issued by the "Baltimore CyberTrust Root" certificate authority are allowed.
For more information on SSF and PSE, see SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver .