Solved: Whitelist for dynamic destination SM59

Former Member · ‎04-10-2014

Hi All,

In SM59 screen, i see an red alert symbol No RFC call back check (rfc/callback_security_method undefined).

Also an entry Whitelist for dynamic destination

What are these entries? Is this required?

Can these entries(Whitelist) be removed from the the screen?

rfc/callback_security_method is dynamically switcable but not able to change the value to from RZ11. Does this needs to be declared in profile parameter first? If so what value needs to be set?

Kindly let me know, I read the documentation for rfc/callback_security_method. Not sure what value to be set.

Parameter

rfc/callback_security_method

Short text

Permit or deny execution of RFC callbacks in accordance with configured whitelist and write corresponding entry in Security Audit Log.

Parameter Description

Value 0: Emergency mode (fallback).

If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected. Otherwise, the callback is executed.

All whitelist entries for RFC callbacks (including the active entires) are ignored.

Value 1: Default mode (compatibility mode).

If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected.

If the callback is forbidden by an active whitelist, it is rejected.

In all other cases, the callback is permitted.

Every permitted callback is logged in the Security Audit Log with a "non-critical" (green) entry. Every rejected callback is logged with a "critical" (red) entry.

Value 2: Simulation Mode.

If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected.

If the callback is forbidden by an active whitelist, it is rejected.

In all other cases, the callback is permitted.

Every rejected callback is logged with a "critical" (red) entry in the Security Audit Log. Every permitted callback, which would have been rejected if the whitelist had been activated, is also logged with a "critical" (red) entry in the Security Audit Log. All other permitted callbacks are logged with a "non-critical" (green) entry.

Value 3: Most Secure Mode:

If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected.

If the callback is forbidden by an active or inactive whitelist, it is rejected. (Note that, in this mode, an inactive whitelist has the same effect as an active whitelist.)

In all other cases, the callback is permitted.

Every rejected callback is logged with a "critical" (red) entry in the Security Audit Log. Every permitted callback is logged with a "non-critical" (green) entry.

Regards

Shashi

Former Member · ‎06-27-2014

Hi,

I think you are not able to switch rfc/callback_security_method parameter due to sap user roles missing. Can you attach the error you get once you try to edit this parameter?

In case you wanto to switch the parameter rfc/callback_security_method to 2 please notice that you have to create the audit log from SM19 transaction before.

Moreover take into account that it still not possible to set rfc/callback_security_method=3 due to a bug with the transportation tool. See note 1992755 http://service.sap.com/sap/support/notes/1992755

Regards.

Antonio

Sriram2009 · ‎08-20-2014

Hi

Just check this SAP Note for you issue

1971118 - No RFC callback check

BR

SS

Whitelist for dynamic destination SM59

Parameter

Short text

Parameter Description

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

Re: DRC e-Cockpit Add a New Button

Re: DRC e-Cockpit Add a New Button

how can we mention virtual host in amqp adapter

Re: Scheduled Report shows successful status; but ...

Re: print open lines sales order sap b1 using crys...