cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active Services in /sap/bc/webdynpro/sap for AC

Former Member

on ‎06-28-2013 3:11 PM

0 Kudos

Hi experts,

According to GRC Access Control Installation Guide section '7.3 Checking SAP ICF Services' step 2, it says: 'Activate all services under /sap/bc/webdynpro/sap'.

I hope i don't missunderstand that SAP not really wants customers to activate every service, since this would be a huge security incident.

I just want to use Access Control (EAM) and all related services for nwbc-webdynpros.

Do you have some guidance or best practice to the most relevant services i have to activate?

On the other hand, i could single activate relevant services until i eliminate all errors i face, however i'm interested whats the best move to take here.


We are running GRC Foundation on our productive Solution Manager, so i want to keep it as short as possible, while keeping all minimum required services.

Thank you for your thoughts.
With kind regards,

Matthias Stadler

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

simon_persin4
Contributor
‎07-02-2013 5:11 PM
0 Kudos

Hi Matthias,

I agree with Coleen here. That is the best approach if you have the time and space to be able to do that.

Since you mention that you've deployed in conjunction with Solution Manager, I hope you've also checked fully the conflicts between the two components?

Good luck whenever you have to upgrade & I really hope you're not intending to use some of the more advanced functions or Process Controls!!


S

Show replies
Show replies
Colleen
Advisor
Advisor
‎07-02-2013 9:16 AM
0 Kudos

Hi Matthias

As Prasant mentioned you can work your way down the tree and only do those. Make sure you activate the NWBC and also FDT_WORKBENCH (BRFplus) if you are using business rules for other functionality. If you are using WF, you will need to find all the MSMP services as well.

I agree about limiting SICF to only use ones your require. The more restrictive your are, the more HTTP service errors you will receive (some webdynpro screen loads others). You options are

  • Activate entire section as per manual
  • Do the ones you think are required and activate as you hit errors

You can also consider adding S_ICF authorisation and maintaining additional security check that way as well (there is an authorization field in the service configuration).

My approach was to attempt to go through the pain and document them so I had a full list of services for testing and troubleshooting.

Show replies
Show replies
former_member193066
Active Contributor
‎07-01-2013 11:58 AM
0 Kudos

Hello,

you can activate specific to EAM only if you require only for EAM.

you can drill down the tree of ICF web service and slect the required services to get activated.

REgards,

Prasant

Show replies
Show replies
Ask a Question