reginfo "ACCESS" parameter, difference to secinfo?
I try to setup reginfo and secinfo in our system.
What I don't understand is, what means the "access" parameter in reginfo?
It is written, that it defines which client is allowed to communicate with the registered programm.
But isn't it exactly what I define normally in secinfo?
Isaias Freitas replied
P HOST=A ACCESS=B CANCEL=B TP=A
Changing to (should be all in one line):
P HOST=SERVER2 ACCESS=SERVER2,SERVER3,internal CANCEL=SERVER2,internal TP=MYTAX
So, any system running at "SERVER2" is allowed to register itself at SAP using the alias ("TP name", "program ID", "program name") "MYTAX".
- CANCEL argument
After it is registered, a de-registration request ("cancel") can be sent from "SERVER2" (the external system could be stopped for maintenance, so it must be allowed to cancel its own registration) or from any SAP instance that is part of this SAP system (this is what the keyword "internal" means) - SAP could be stopped as well, so it must be able to tell the external system to de-register itself in a "nice" way;
- ACCESS argument
SERVER2 itself can ask to communicate with the registered program MYTAX. Whether this is required or makes sense will depend on how the program works. No downsides if this is set, but not required.
Any system running at SERVER3 can connect to SAP and ask to communicate with MYTAX as well.
Any SAP instance that is part of this SAP system ("internal") is also allowed to communicate with MYTAX.
Nothing from the secinfo has influence here.
This is also explained at the WIKI, and the video for the reginfo rules is attached to the KBA 1850230.
Maybe a good tip is for you to determine what are you trying to protect:
- Is it an external system that will register itself at SAP? If yes, forget the secinfo and focus on reginfo;
- If it is an operating system level command that users need to execute on demand, forget the reginfo and focus on secinfo.