Skip to end of metadata
Go to start of metadata

Disabling RFC Gateway security

Removing the files defined at the gw/reg_info and gw/sec_info parameters will remove the security rules from the RFC Gateway.

If these files do not exist, the RFC Gateway reads the definition of the gw/acl_mode parameter. If it is set to, 1 only internal rules are enabled. Until your own RFC Gateway security rules are not correctly setup, it is possible to remove the reginfo and secinfo files and also set the parameter gw/acl_mode to 0 (zero) in order to avoid the security control (in such way, the parameter gw/reg_no_conn_info should not include the bitmask 16, see the SAP note 1444282) .

The combination of the above settings means that everything is allowed when starting external servers and registered servers. See the SAP note 1480644.

In summary, follow these steps in the same order as below:

  1. Move/Rename the reginfo and secinfo files;
  2. Ensure that the parameter gw/reg_no_conn_info does not include the bitmask value 16 (setting this parameter to zero achieves this);
  3. Set the parameter gw/acl_mode to zero.

Read this WIKI for assistance with reloading the security files at a Standalone RFC Gateway (like a RFC Gateway running at an SCS instance from a Java stack) without having to restart the RFC Gateway/instance.

OBSERVATION: If the parameter gw/acl_mode was changed before the files were moved, or if it was already set to zero, you need to trigger a manual reload of the security rules (transaction SMGW, menu Goto -> Expert functions -> External security -> read again) after moving/renaming the files.

OBSERVATION 2: If the program was already registered before the security features were disabled, it is necessary to restart the registered program (de-register and re-register it).
This is required because the RFC Gateway copies the related rule to the memory area of the program registration.
Thus, changes to the security settings only take effect after the registered program is restarted / re-registered.

IMPORTANT : It is not recommended to keep the RFC Gateway security disabled in production systems. Use this as an emergency workaround.
In order to implement the appropriate RFC Gateway security, read this WIKI.

 

 

<back to FAQ section>