Start of Content Area

Procedure documentation Restricting Access to Server Programs  Locate the document in its SAP Library structure

Use

If you use a registered or started RFC server (based on RFC SDK, NW RFC SDK, JCo, .NET Connector or Business Connector), there is always the risk that a user who is not authorized for the SAP system sends RFC calls to the external RFC program and then executes functions in this program or can read information that is returned.

You can prevent unauthorized access by setting up an authorization check either in the RFC server itself or using the SAP Gateway.

Prerequisites

To use the following procedure, the SAP system must fulfill the following prerequisites:

      SAP Kernel 7.00

      Patch Level 119

      ABAP Support Package 13

Procedure

The external RFC server normally executes its own authorization check when it receives an RFC call. This check can be based on the following mechanisms:

Note

Find a description of the required activities in the documentation of the relevant security product.

I fit is not possible to change your external server program in such a way that these functions can be used, the SAP Gateway provides an additional security mechanism using the secinfo file.

Proceed as follows:

 

      In the $DIR_DATAdirectory, create a file with the name secinfo.

Note

If you want to use another directory and/or file name, you can store the new filename in the gw/sec_info profile parameter.

The secinfo file is imported at system start. Each row can contain one or multiples of the following values:

       SAP user ID of the user to which the following security settings are to be assigned.

       Program ID that defines the RFC destination to which the user can send RFC calls.

       Host name (or IP address) from which an RFC call may be sent to the defined RFC destination.

       Host name (or IP address) to which RFC calls may be sent.

       Password that the RFC client specifies. The password is only required if there is communication between two external RFC programs.

Note

You can use the secinfo file either to explicitly permit or exclude access to external programs.

More Information

You can find detailed information about configuring and implementing the gateway in SAP Note 110612 and in the SAP Library:

      SAP Gateway

For a detailed introduction to setting up the secinfofile:

      Making Security Settings for External Programs

 

       

 

 

End of Content Area