cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data protection in SAP MI Clients

Go to solution
Former Member

on ‎12-01-2006 9:18 AM

0 Kudos

Hello,

I have read this about sharing a MI Client between several users:

"If the applications on the mobile device require data protection or non-repudiation (for example, for time recording), the device should only be used by one user."

<b>Source</b>: http://help.sap.com/saphelp_nw04/helpdata/en/f4/b7863f445f4617e10000000a114084/frameset.htm

As far as I know, IBM DB2e supports data encryption and sharing a device should not be a big problem but since I read the quote above I am a little concerned.

Any help would be appreciated.

Thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-01-2006 9:43 AM
0 Kudos

Hi Lgnacio,

Yes what you said is correct.

DB2e is the data base used in MI client.

There is no such Restriction that only one user have to use one mobile(with MI application in it)

MI supports multiple users using one device in fact same mobile...

Take an example scenario......

USER1 will loginto his mobile with his username and password and work in the morning...

Now its turn of USER2 to use the same mobile(device) in night shift..he logs in with his username and password

User1 may get different application from USER2....its the administrators job to assign applications based on username(based on roles)

So according to me its not at all a problem to use the same device by multiple users..may be we need to take some care while using it...

Hope this is helpful.

Cheers,

Karthick

Show replies
Show replies
Former Member
‎12-01-2006 9:59 AM
0 Kudos

Thanks Karthick,

but...

> So according to me its not at all a problem to use

> the same device by multiple users..may be we need to

> take some care while using it...

Is not enough with DB2e encryption?

Can USER1 "steal" some USER2 data?

Thanks.

Former Member
‎12-01-2006 10:44 AM
0 Kudos

Hi Ignacio,

<Is not enough with DB2e encryption?>

DB2e is used in MI client as database..it should be enough for encryption.

<Can USER1 "steal" some USER2 data?>

Here there are two scenarios :

SCENARIO: 1

1) USER1 logsinto mobile X with his username and password..he will be able to see application which is assigned to him(this application cannot be viewed by USER2)

2) USER2 logsinto mobile X with his username and password..he will be able to view and work on the application which was assigned to him(this application cannot be viewd by USER1)

This scenario is valid when USER1 and USER2 uses different applications in one Device(Mobile)

Scenario: 2

1) USER1 and USER2 may use the same application in same Device in shifts(Morning Shift & Night Shift)...then the users should take care of the data as both use the same data...

But by administrator we can keep track of the USERS who are login or logout...

Generally the main advantage of MI is using the device with multiple users..(We can create multiple users by using on edevice)

Hope this is useful

Cheers,

Karthick

Former Member
‎12-01-2006 10:55 AM
0 Kudos

Thanks Karthick,

everything is clear now!

Regards.

Former Member
‎12-01-2006 3:02 PM
0 Kudos

Hi Ignacio,

Please, note that not all Mobile applications use DB2. Some of them, e.g. Mobile Travel Expenses and Time Sheets use another supported option, File I/O.

Data from those applications is exported / imported into .DAT files and User1 can steal data of User2, if (s)he has access to some utilities and the latter one didn't clear the files (via Reset Application) before logging from application off.

Best regards,

Laziz

Former Member
‎12-03-2006 5:51 AM
0 Kudos

Hi Ignacio,

Adding to the above points...Yes DB2e is not only data base used in client side but also FileI/O can be used, DB2e is mostly used as Data base in Client side.

Coming to stealing data of others...it is only possible when USER2 has access to view applications of USER1...in that case USER1 when logs off should reset the client i.e press the reset client button in <b>settings</b> ..which will reset all the data in client...so when USER2 logs in and try to access USER1 data he cannot see any data as the data has been reset...

When USER1 logs in again he can sync(Sync password will be different for both users) the client to get all the data downloaded to client and start working....

This all depends,if USERS have access to view others Applications...this are security things can be taken care by administrators.....

If this is not clear and if you need more explanation kindly revert back.

Cheers,

Karthick

Former Member
‎12-04-2006 11:20 PM
0 Kudos

hello ignacio, karthick,

the scenario 2 is invalid if taken as it is.

>Scenario: 2

>1) USER1 and USER2 may use the same application in same Device in shifts

>(Morning Shift & Night Shift)...then the users should take care of the data as both

>use the same data...

take note that there is a conversation ID concept in MI. this conversation IDs assigned

to a deployed applications to different users are unique. thus the same application

deployed to different users will have a different conversation IDs. device users will

only be able to work with the same set of data ONLY if the application explicitly

allow that by using the SHARED visibility. generally however, data will be stored

in the SEPARATE stores and data access to other application data is not allowed.

to protect your data, there are several mechanisms that you can employ and data

encryption is the most commonly used one. as mentioned DB2e has a support for

encryption. another way is to implement your own encryption on the application

level. i.e. encrypting the data when saving or setting it to the field, and decrypting

them when accessed. there's a performance tradeoff though...

regards

jo

Former Member
‎12-05-2006 4:33 AM
0 Kudos

Hi Jo,

Thanks for the additional information.

But i would like to know is Conversation ID some thing to do with username and password i.e. based username, Conversation ID are assigned or what.

Cheers,

Karthick

Former Member
‎12-05-2006 4:59 AM
0 Kudos

hello karthick,

yes, they are related. conversationID is generated by the middleware using infos

such as user and application. i think there are 3 factors (user, app and mobile id).

thus, the conversationID will be unique for every application assigned to every

devices and users...

hope this helps.

jo

Former Member
‎12-05-2006 5:11 AM
0 Kudos

Hi Jo,

Thanks for the info.

Cheers,

Karthick

Former Member
‎12-05-2006 8:12 AM
0 Kudos

Thanks Jo Gel,

I knew about DB2e encryption but I didn't know if it was enough. Now, I believe it is enough. Mostly because my client users are not computer experts and I am sure they will not try to use decryption techniques.

Best regards,

Ignacio.

Former Member
‎12-06-2006 5:54 AM
0 Kudos

hello ignacio,

if your application uses the SEPARATED data visibility and DB2e with encryption

enabled, i think is would suffice. however, if the encryption is not unique per user

it would still be very easy to swap data between conversation ids most esp for fileio. (this requires a deep understanding of the underlying layer though... )

just my 2 cents

jo

Answers (0)

Ask a Question