on 06-28-2013 3:11 PM
Hi experts,
According to GRC Access Control Installation Guide section '7.3 Checking SAP ICF Services' step 2, it says: 'Activate all services under /sap/bc/webdynpro/sap'.
I hope i don't missunderstand that SAP not really wants customers to activate every service, since this would be a huge security incident.
I just want to use Access Control (EAM) and all related services for nwbc-webdynpros.
Do you have some guidance or best practice to the most relevant services i have to activate?
On the other hand, i could single activate relevant services until i eliminate all errors i face, however i'm interested whats the best move to take here.
We are running GRC Foundation on our productive Solution Manager, so i want to keep it as short as possible, while keeping all minimum required services.
Thank you for your thoughts.
With kind regards,
Matthias Stadler
Hi Matthias,
I agree with Coleen here. That is the best approach if you have the time and space to be able to do that.
Since you mention that you've deployed in conjunction with Solution Manager, I hope you've also checked fully the conflicts between the two components?
Good luck whenever you have to upgrade & I really hope you're not intending to use some of the more advanced functions or Process Controls!!
S
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matthias
As Prasant mentioned you can work your way down the tree and only do those. Make sure you activate the NWBC and also FDT_WORKBENCH (BRFplus) if you are using business rules for other functionality. If you are using WF, you will need to find all the MSMP services as well.
I agree about limiting SICF to only use ones your require. The more restrictive your are, the more HTTP service errors you will receive (some webdynpro screen loads others). You options are
You can also consider adding S_ICF authorisation and maintaining additional security check that way as well (there is an authorization field in the service configuration).
My approach was to attempt to go through the pain and document them so I had a full list of services for testing and troubleshooting.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
you can activate specific to EAM only if you require only for EAM.
you can drill down the tree of ICF web service and slect the required services to get activated.
REgards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.