Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unauthorised users accessing iviews through a direct URL

Former Member

‎02-25-2010 6:30 AM

0 Kudos

Hi,

How do you prevent unauthorised users from accessing iviews through a direct URL? e.g. From the BeX Web Template on testing a query a URL is known, this URL can then be used by user who have no rights to view/ execute this report (after portal logon).

Can security zones be defined for the BeX iviews? If yes, how? Does setting the parameter Dcom.sap.nw.sz=true solve the problem?

Appreciate your input.

Many thanks,

Dharmi

9 REPLIES 9

Former Member

‎03-01-2010 6:31 AM

0 Kudos

Hello,

Any ideas/ inputs?

Regards,

Dharmi

Former Member

‎03-01-2010 1:16 PM

0 Kudos

Portal Catalog, open the iView editor and set the property 'Authentication Scheme' to required value.

I assume you have idea of portal role creation, assignment of Users groups with required permission.

Go to permission editor: 'System Administration' -> 'Permissions' -> 'Portal Permissions'.

folder: 'Security Zones' -> 'sap.com' -> 'NetWeaver.Portal' -> 'high_safety'

Cheers,

Bharath.

Former Member
In response to Former Member

‎03-03-2010 12:25 PM

0 Kudos

Hi Bharath,

Thank you for the input.

Can you please be more specific as to which BW component ?

I navigated to

Go to permission editor: 'System Administration' -> 'Permissions' -> 'Portal Permissions'.

folder: 'Security Zones' -> 'sap.com' -> 'NetWeaver.Portal' -> 'high_safety'

There the rights are ok.

Best regards,

Dharmi

Former Member

‎03-05-2010 6:55 AM

0 Kudos

Hi,

Setting the parameter -Dcom.sap.nw.sz=true does not help! Is this a kind of bug?

Regards,

Dharmi

Former Member
In response to Former Member

‎03-05-2010 7:14 AM

0 Kudos

Hi,

This is the [problem|/message/8814902#8814902 [original link is broken]] we are experiencing, can somebody help in solving this issue from the portal side.

As, already mentioned in the earlier post , setting the parameter didn't help. The security zone for the BWReport is on Low_Safety, can that be changed to High_Saftey? How?

Thank you in advance.

Best regards,

Dharmi

Former Member
In response to Former Member

‎03-06-2010 9:20 PM

0 Kudos

I guess you are going to have to give the users correct authority on the backend system...

What you could try to do it log the gateway in transaction SMGW and trap the program ID's. But I think that will mean a lot of hassle and maintenance and you will quickly have a headache trying to get it right at that level for many users.

Cheers,

Julius

Former Member
In response to Former Member

‎03-07-2010 9:48 AM

0 Kudos

Thank you Julius. Do you have any idea how the problem could be solved from the portal side?

Regards,

Dharmi

Former Member

‎06-09-2010 8:12 AM

0 Kudos

How Tou2026Configure Permissions for initial content in SAP NetWeaver Portal - helps in solving this issue.

Former Member

‎06-16-2010 5:42 AM

0 Kudos

Hi

Try to have a look table HTTP_WHITELIST.

Perhaps this can resolve your issue