Secinfo restrictions set to local or identical host by default
It would be more secure if the secinfo file were set to USER-HOST=local or USER-HOST=identical by default in the standard system, and any additional entries for starting external programs via the gateway be dealt with as exceptions during the implementation of the system / external software. The standard application authorizations can then be used to contain the access of the user.
2 Comments
Wolfgang Janzen
I'm totally in favor of such a change (and I'm sure that in more than 99% of all cases that default setting would match the actual requirements). But changing the existing system behavior might be only possible for the next major releases since it's an incompatible change (affecting the < 1%).
Former Member
Thanks Wolfgang. Unfortunately we need to gain support from the ignorant 99% for this default...
Perhaps within SAP this responsibility can be placed correctly and implemented without disruptions for the 1%?
For internal considerations, customers who have attempted it tried the user name restriction first (not of much use...) and have changed the path to maintain them centrally for a landscape.
Cheers,
Julius
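Added example, not part of the original thread and not SAP code: a small audit script that lists the permit rules in a secinfo file whose USER-HOST is not restricted to the values proposed in the idea above. It assumes the space-separated `#VERSION=2` rule syntax (`P`/`D` followed by `KEY=value` fields) and that a missing USER-HOST means no restriction; the sample file, `apphost01`, `extprog` and `tool` are constructed.

```python
# Values the idea proposes as the default restriction for USER-HOST.
RESTRICTED = {"local", "identical"}

def parse_rule(line):
    """Return (action, attrs) for a rule line, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    action, *fields = line.split()
    action = action.upper()
    if action not in ("P", "D"):
        raise ValueError(f"unknown rule type {action!r}")
    attrs = {}
    for field in fields:
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"malformed field {field!r}")
        attrs[key.upper()] = value
    return action, attrs

def audit(text, restricted=RESTRICTED):
    """List (line number, USER-HOST value, rule) for permit rules left open."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = parse_rule(raw)
        if rule is None or rule[0] != "P":
            continue  # comments and deny rules do not grant anything
        # Assumption: a permit rule without USER-HOST is unrestricted.
        user_host = rule[1].get("USER-HOST", "*")
        if user_host.lower() not in restricted:
            findings.append((lineno, user_host, raw.strip()))
    return findings

# Constructed sample secinfo content.
SAMPLE = """\
#VERSION=2
P TP=* USER=* USER-HOST=local HOST=local
P TP=extprog USER=* USER-HOST=* HOST=apphost01
P TP=tool USER=BATCH HOST=local
D TP=* USER=* USER-HOST=* HOST=*
"""

if __name__ == "__main__":
    for lineno, user_host, rule in audit(SAMPLE):
        print(f"line {lineno}: USER-HOST={user_host} -> review as exception: {rule}")
```

Each reported line is a candidate for the "exception" handling described in the idea: an entry that should exist only because a specific external program needs it.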