GENERATE SUBROUTINE POOL Security Issues
I have a design for a generic rules engine that requires the evaluation of simple ABAP statements at runtime (the statements are stored in a z-table).
I want to use GENERATE SUBROUTINE POOL to wrap these statements in a FORM/ENDFORM which I can then execute at runtime. I also want to use SYNTAX-CHECK FOR on the dynpro that the end-user will use to edit the ABAP statements.
First, I realize the user could put statements into the code that could be damaging so there would have to be a review process in place. But other than that, are there any special security issues that have to be considered to run this statement?
Second, does the end-user need any special security config to run SYNTAX-CHECK FOR? The online help for both of these statements doesn't address any security concerns.
OK - well, you have my security concerns.