03-01-2010 9:19 AM
HI all ,
I want to protect a WS from malicious attack i want to use the authorization for s_service
but i see the following documentation for this service and for SRV_NAME - Hash value of the external service
How i can get this value i have tried with su22 with no success there is diff way ?
and what is the type of external service ?
The documentation
Definition
This authorization object is automatically checked when external services are started (not yet for all service types).
The Profile Generator automatically assigns authorizations if an external service is entered in a role menu.
Defined fields
SRV_NAME Hash value of the external service
SRV_TYPE Type of the external service
and one more thing is how i give the end user these authorization ,
which name i put in the authorization object?
Regards
James
Edited by: James Herb on Mar 1, 2010 10:24 AM
03-01-2010 9:26 AM
03-01-2010 9:26 AM
03-01-2010 11:36 AM
HI Alex ,
How should i give to single user this authrisation object ?
Thanks
James
Edited by: James Herb on Mar 1, 2010 12:43 PM
03-01-2010 11:48 AM
Hi James,
Put it in one of the roles assigned to the user that this functionality belongs to. Your security admin will be able to help you with this
03-01-2010 7:52 PM
HI Alex
Thanks
i know that we need to add the authorisation to some role but how i give the hash ID to the auth object in design time (customizing ) .
assume that i have 2 services and i use the hash value for them.
i.e. I know that in some auth object we put for instance 2 for display and 3 for change etc but for hash value is diffrent
Regards
James
03-02-2010 7:47 AM
Please do not post "chained questions". This makes a mess for those who use the search and want to read the whole discussion in one thread.
This one is sufficiently different to your S_ICF question and already has answers now, but please avoid the redundancy in future.
Cheers,
Julius
03-02-2010 9:02 AM
Hi,
Until you have the hash value you can't define the field values. Put a placeholder in your design docs and populate when you have that information
03-03-2010 11:45 AM
HI Alex,
Assume I add the authorization object to the WS i need after to add it to some role ,
how I do that for these auth object since i can use these authorization object in several of WS.
what i need to know is how to add this authorization object to role ,
for this specific authorization object .
Regards
James
03-03-2010 12:30 PM
Hi James, I'm afraid you have completely lost me on this one. Adding auth objects to a role is straightforward security admin stuff. Your security team will be able to help here.
03-03-2010 10:14 PM
Hi James
I'm not 100% clear on what you are asking, but this may help...
You add a WS to a role in PFCG, via the Add Authorisation Default on the Menu tab. The WS will only be available to be added after it has been activated and consumed.
Once added and saved, you go into the auth maintenace for the role and S_SERVICE will automatically be there, with the WS and hash code. You do not need to add the has code in, it is autopopulated.
Is this what you are getting at?
Regards
SW
03-04-2010 1:27 PM
If your WS are created for BOR objects in transaction BAPI, then I would suggest obtaining the authorization values in a test system with data in it, as you will be unlikely to see all the checks in a development system.
BAPI's will also makethe same or similar application checks as their SAPGui transaction counterparts, so once you have the hash, it makes sense to maintain the check indicators and proposals as well in SU24.
> for this specific authorization object .
So, you should add all the proposals and values for the specific webservice, in SU24. That way you only need to do it once and will most likely end up with all standard authorizations for all objects when the service is added to the role menu. This should be your goal.
You can optionally choose to maintain the WS roles in the test system, or ensure that the hashes remain the same for the services being developed.
Cheers,
Julius
03-01-2010 12:47 PM
S_Service is used for services added to the system with TCD SICF.
There is a difference in using the SRV_NAME Auth. Field depending on the version of SAP. Can you let us know your version.
In NW you can get the values by selecting the type of service you are trying to access. or as Alex said you can get those values from USOBHASH tables.
For consuming Web services you even require SAP_BC_WEBSERVICE_ADMIN and S_ICF_ADMIN Auth. Objects.
Cheers.
Bharath