Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Back door security threat for Portal Developers

Former Member
0 Kudos

Wanted to ask the Portal Security Experts if they know of a back door security threat for Portal Developers access personnel data or User Master tables in ABAP.

We have our Portal Team developing the Portal Roles and also assigning them to the Users.

Is there a way that this Team can access data in the back end ABAP systems/tables from the front end?

Any help would be appreciated.

Thanks.

Chris

5 REPLIES 5

Former Member
0 Kudos

Chris,

Portal developers will not be able to see any data until they have access to the backend abap system. So I would not give them access (a userID) to the abap system as they don't need it (atleast for the Q and Production environments as they contain critical data). If they have access to it they can look at the data by creating an iview. If the user dosen't exist in the backend system the iviews won't work for the users.

Naveen

0 Kudos

Hi Naveen,

Even though the portal guys can create a transactional iview pointng the backend apap system, they still need auhtorization in the bcakend system for that particular transaction code for which the iview is created.

Thanks.

0 Kudos

Neha,

You are right and That was my point too, If the portal guy dosen't even have access to backend system he will not be able to see any data.

Naveen

0 Kudos

OK, thanks Neha and Naveen. You both confirmed my conclusion.

Thanks for your help!

Chris

Former Member
0 Kudos

Question answered