Further Security-Related Topics

Use

This section describes additional security-related tasks or topics that you have to consider if you want to operate a secure PI landscape.

More information:

  • Protection of Sensitive Message Data

  • Using SAP PI in PCI-Compliant Scenarios

  • Auditing

  • Logging Configuration Changes

    For more information on how to activate the logging of configuration changes, see SAP note 1488770.

  • Authorization Checks by Local Integration Engine in Receiver Systems

    You can configure interface operation-specific authorization checks for inbound messages processed by the local Integration Engine in a receiver system. For more information, see SAP note 1416725.

  • Security Settings for Logging and Tracing Web Service Calls

    You can configure security settings for logging and tracing to analyze why Web service calls fail.

    More information:

  • Cross-Site Request Forgery (XSRF) Protection

    This section provides information on how manual cache refresh is protected against XSRF attempts.

  • Excluding Web Pages From Being Indexed by Web Crawlers

  • Careful Usage of Full Cache Refresh

    A full cache refresh always implies downtime of your production operation, during which no messages can be processed. Because a full cache refresh might take a long time, use this option with care. It is recommended that you deactivate this option after installation to prevent users from using the feature accidentally. You can deactivate the full cache refresh option by setting the exchange profile parameter com.sap.aii.ibdir.server.cache.onhold to F. By default, the property is empty (all cache modes are enabled).

    Note

    You need security role SAP_XI_ID_SERV_USER to perform a full cache refresh.