Show TOC Start of Content Area

Background documentation Client-Side Incidents  Locate the document in its SAP Library structure

SAP NetWeaver Mobile provides security features that allow client-side incidents to be reported to the Data Orchestration Engine(DOE) administrator. In the DOE, SAP NetWeaver Mobile has classified the client-side incidents into various security codes.

For each security code, you can assign a severity level and a security level. The severity level that you assign enables the DOE to indicate a status for the relevant activity. The administrator can view this status in his or her inbox. The security level that you assign determines the action the DOE should perform on receiving the security level.

Security Codes

Each client-side activity, related to security, is assigned a security code and this code is a three-digit number. The security codes are explained in the table below:

Security Incident

Security Code

Description

000

Normal operation on the client. No security incident reported.

100

A client device user attempts unsuccessfully to log on to a mobile client

200

A client device user has performed an unauthorized operation on a client.

For example, if additional users must access a mobile client, they must first create an account on the client. When you start the client, an existing user must first log on to the client, and then log off. Only then can a new user create an account. Otherwise, the operation performed by the user is considered unauthorized.

300

A client device user attempts to enter invalid parameters at log on.

This situation occurs if the client device user forcefully attempts to log on to a mobile client, a typical case of hacking.

400

The data in a mobile client database has been changed without the user having logged on the client.

This situation occurs when a client device user has directly accessed the database, which is not allowed.

500

Maximum number of invalid login attempts exceeded.

This graphic is explained in the accompanying text

The number of invalid login attempts is three. If a user attempts to log on a mobile client and is unsuccessful for three consecutive times, the client enters this security code in the log file. On next successful synchronization of the client, this security code is reported to the DOE.

600

A client device user has deleted those files in a mobile client that contain security-related information.

Severity Level

For each security code, you can set a severity level. The severity level determines the status that must be displayed when the DOE receives the log file from the client. Following are the three severity levels that can be set:

·        Fatal (F)– The log display status is set to red.

·        Warning (W) –The log display status is set to yellow.

·        Information (S) – The log display status is set to green.

Security Level

For each security code, you can set a security level. The security level determines the action performed by the DOE when a particular security code is reported.

Security Level

Security Level

Action at the DOE

1

Logs the incident in SAP NetWeaver Mobile Administrator.

2

...

       1.      Logs the incident in SAP NetWeaver Mobile Administrator.

       2.      Sends an alert to the inbox of the administration portal.

       3.      Sends an alert to Computing Center Management System (CCMS).

More Information

Configuring Security Parameters in DOE

End of Content Area