Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Portal Add to Browser Favorites - security risk?

Hi All,

If I add a portal iview/page as a browser favorite in one system, it's saved with a navigation short url in the browser favorite.

Now, if I change the portal url to another system and access the favorite, I can still get to that iview/page though the role is not assigned to me in UM.

Something like this:

https://xxxx/irj/portal?NavigationTarget=navurl://cae686e04ffd1457bbf749d64f9bcc5d&sapDocumentRenderingMod…

It looks like a security risk to me.

Is it possible to prevent this? Short urls cannot be disabled now, because users have already been using this feature.

Any ideas/solutions/workarounds are appreciated.

Thanks in advance,

Raj

Tags:
Not what you were looking for? View more on this topic or Ask a question