Further Security-Related Topics
This section describes additional security-related tasks or topics that you have to consider if you want to operate a secure PI landscape.
More information:
-
Security Aspects of the PI Tools Plug-In (Eclipse)
Using this tool, you can, for example, configure integration content intuitively based on integration flows.
-
Authorization Checks by Local Integration Engine in Receiver Systems
You can configure interface operation-specific authorization checks for inbound messages processes by the local Integration Engine in a receiver system. For more information, see SAP note 1416725
. -
Security Settings for Logging and Tracing Web Service Calls
You can configure security settings for logging and tracing to analyze why Web service calls fail.
More information:
-
Viewing Connectivity Log (for Application Server Java)
-
Web Service Logging and Tracing (for Application Server ABAP)
-
-
Cross-Site Request Forgery (XSRF) Protection
This section provides information on how manual cache refresh is protected against XSRF attempts.
-
Careful Usage of Full Cache Refresh
Performing a full cache refresh implies always a downtime of your production operation, during which no messages can be processed. Since a full cache refresh might take long time, this option should always be used carefully. It is recommended to de-activate this option after installation in order to prevent users from accidentally using the feature. You can de-activate the full cache refresh option by setting the property com.sap.aii.ibdir.server.cache.onhold to F. By default, the property is empty (all cache modes are enabled).
You can configure this property using SAP NetWeaver Administrator under
Configuration 
Infrastructure Java System Properties 
. On tab
Services search
for
XPI Service: AII Config Service, under
Extended Details search for the property.NoteYou need security role SAP_XI_ID_SERV_USER to perform a full cache refresh.