Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using the authorization s_service

Go to solution
Former Member

‎03-01-2010 9:19 AM

0 Kudos

HI all ,

I want to protect a WS from malicious attack i want to use the authorization for s_service

but i see the following documentation for this service and for SRV_NAME - Hash value of the external service

How i can get this value i have tried with su22 with no success there is diff way ?

and what is the type of external service ?

The documentation

Definition

This authorization object is automatically checked when external services are started (not yet for all service types).

The Profile Generator automatically assigns authorizations if an external service is entered in a role menu.

Defined fields

SRV_NAME Hash value of the external service

SRV_TYPE Type of the external service

and one more thing is how i give the end user these authorization ,

which name i put in the authorization object?

Regards

James

Edited by: James Herb on Mar 1, 2010 10:24 AM

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎03-01-2010 9:26 AM

Hi James,

I'm not an expert on the use of S_SERVICE but you can get the hash value from table USOBHASH. This is populated once the service has been run.

11 REPLIES 11

Go to solution
Former Member

‎03-01-2010 9:26 AM

Hi James,

I'm not an expert on the use of S_SERVICE but you can get the hash value from table USOBHASH. This is populated once the service has been run.

Go to solution
Former Member
In response to Former Member

‎03-01-2010 11:36 AM

0 Kudos

HI Alex ,

How should i give to single user this authrisation object ?

Thanks

James

Edited by: James Herb on Mar 1, 2010 12:43 PM

Go to solution
Former Member
In response to Former Member

‎03-01-2010 11:48 AM

0 Kudos

Hi James,

Put it in one of the roles assigned to the user that this functionality belongs to. Your security admin will be able to help you with this

Go to solution
Former Member
In response to Former Member

‎03-01-2010 7:52 PM

0 Kudos

HI Alex

Thanks

i know that we need to add the authorisation to some role but how i give the hash ID to the auth object in design time (customizing ) .

assume that i have 2 services and i use the hash value for them.

i.e. I know that in some auth object we put for instance 2 for display and 3 for change etc but for hash value is diffrent

Regards

James

Go to solution
Former Member
In response to Former Member

‎03-02-2010 7:47 AM

0 Kudos

Please do not post "chained questions". This makes a mess for those who use the search and want to read the whole discussion in one thread.

This one is sufficiently different to your S_ICF question and already has answers now, but please avoid the redundancy in future.

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎03-02-2010 9:02 AM

0 Kudos

Hi,

Until you have the hash value you can't define the field values. Put a placeholder in your design docs and populate when you have that information

Go to solution
Former Member
In response to Former Member

‎03-03-2010 11:45 AM

0 Kudos

HI Alex,

Assume I add the authorization object to the WS i need after to add it to some role ,

how I do that for these auth object since i can use these authorization object in several of WS.

what i need to know is how to add this authorization object to role ,

for this specific authorization object .

Regards

James

Go to solution
Former Member
In response to Former Member

‎03-03-2010 12:30 PM

0 Kudos

Hi James, I'm afraid you have completely lost me on this one. Adding auth objects to a role is straightforward security admin stuff. Your security team will be able to help here.

Go to solution
sandi_ward2
Explorer
In response to Former Member

‎03-03-2010 10:14 PM

0 Kudos

Hi James

I'm not 100% clear on what you are asking, but this may help...

You add a WS to a role in PFCG, via the Add Authorisation Default on the Menu tab. The WS will only be available to be added after it has been activated and consumed.

Once added and saved, you go into the auth maintenace for the role and S_SERVICE will automatically be there, with the WS and hash code. You do not need to add the has code in, it is autopopulated.

Is this what you are getting at?

Regards

SW

Go to solution
Former Member
In response to Former Member

‎03-04-2010 1:27 PM

0 Kudos

If your WS are created for BOR objects in transaction BAPI, then I would suggest obtaining the authorization values in a test system with data in it, as you will be unlikely to see all the checks in a development system.

BAPI's will also makethe same or similar application checks as their SAPGui transaction counterparts, so once you have the hash, it makes sense to maintain the check indicators and proposals as well in SU24.

> for this specific authorization object .

So, you should add all the proposals and values for the specific webservice, in SU24. That way you only need to do it once and will most likely end up with all standard authorizations for all objects when the service is added to the role menu. This should be your goal.

You can optionally choose to maintain the WS roles in the test system, or ensure that the hashes remain the same for the services being developed.

Cheers,

Julius

Go to solution
Former Member

‎03-01-2010 12:47 PM

0 Kudos

S_Service is used for services added to the system with TCD SICF.

There is a difference in using the SRV_NAME Auth. Field depending on the version of SAP. Can you let us know your version.

In NW you can get the values by selecting the type of service you are trying to access. or as Alex said you can get those values from USOBHASH tables.

For consuming Web services you even require SAP_BC_WEBSERVICE_ADMIN and S_ICF_ADMIN Auth. Objects.

Cheers.

Bharath