Task Gateway integration with SAP Gateway provides various security mechanisms.
Role templates exist for administrators and end users. For an overview of the templates available for these roles, see User, Developer, and Administrator Authorizations.
For more information about the role /IWPGW/RT_WF_USER for SAP Gateway Workflow User including the authorization objects required for working with SAP Gateway, see Roles in the SAP Gateway Landscape and refer to the section Assignments of Authorization Objects.
In Role Maintenance (transaction PFCG), the template /IWPGW/RT_WF_USER for SAP Gateway Workflow User includes information to be maintained at user group level under User Master Maintenance: User Groups. For Activity, the template is defined with the value 03 for Display authorizations and you can change this value to suit your requirements. Furthermore, you can define appropriate values for user groups.
For each Task Gateway provider, specific security aspects might need to be taken into consideration.
For SAP Business Workflow, see Security Aspects for Workflow
For SAP Business Process Management (BPM), see the SAP NetWeaver documentation about Security Aspects for BPM.
For information about My Inbox implementation, see http://help.sap.com/fiori_bs2013/helpdata/en/41/fd595461fce630e10000000a44538d/content.htm.
For Unified Inbox no additional set-up is required as the existing Task Gateway aspects are taken into consideration.
SAP recommends accessing Unified Inbox via HTTPS connection. If the Unified Inbox application is configured through HTTPS, all the task applications should be available via HTTPS.
If customers are using mixed content (HTTPS as well as HTTP) it may happen that the used browser prevents the task application from being displayed.
See also SAP Note 2034640 .
Task Gateway attachments are verified using the standard SAP virus scan interfaces. For more information, see the SAP NetWeaver documentation about SAP Virus Scan Interface.
For more information, see Security for Additional Applications