Show TOC

Background documentationData Storage Security

 

Using Logical Paths and File Names to Protect Access to the File System

Master Data Governance saves data in files in the file system. Therefore, it is important to explicitly provide access to the corresponding files in the file system without allowing access to other directories or files (also known as directory traversal). This is achieved by specifying logical paths and file names in the system that map to the physical paths and file names. This mapping is validated at runtime and if access is requested to a directory that does not match a stored mapping, then an error occurs. In the application-specific part of this guide, there is a list for each component of the logical file names and paths, where it is specified for which programs these file names and paths apply.

Activating the Validation of Logical Paths and File Names

The logical paths and file names are entered in the system for the corresponding programs. For downward compatibility, the validation at runtime is deactivated by default. To activate the validation at runtime, maintain the physical path using the transactions FILE (client-independent) and SF01 (client-dependent). To determine which paths are used by your system, you can activate the appropriate settings in the Security Audit Log.

More Information

For information about data storage security, see the SAP NetWeaver Security Guide at Start of the navigation path http://help.sap.comInformation published on SAP site Next navigation step SAP NetWeaver Next navigation step Release/Language Next navigation step SAP NetWeaver Library Next navigation step Administrator’s Guide Next navigation step NetWeaver Security Guide Next navigation step Security Guides for the Operating System and Database Platforms End of the navigation path