04-23-2008 1:57 PM
Wanted to ask the Portal Security Experts if they know of a back door security threat for Portal Developers to access personnel data or User Master tables in ABAP.
We have our Portal Team developing the Portal Roles and also assigning them to the Users.
Is there a way that this Team can access data in the back end ABAP systems/tables from the front end?
Any help would be appreciated.
Thanks.
Chris
04-23-2008 3:54 PM
Chris,
Portal developers will not be able to see any data until they have access to the backend ABAP system. So I would not give them access (a user ID) to the ABAP system, as they don't need it (at least for the Q and Production environments, as they contain critical data). If they have access to it, they can look at the data by creating an iView. If the user doesn't exist in the backend system, the iViews won't work for the users.
Naveen
04-23-2008 8:57 PM
Hi Naveen,
Even though the portal guys can create a transactional iView pointing to the backend ABAP system, they still need authorization in the backend system for the particular transaction code for which the iView is created.
Thanks.
04-24-2008 3:53 PM
Neha,
You are right, and that was my point too. If the portal guy doesn't even have access to the backend system, he will not be able to see any data.
Naveen
04-24-2008 8:24 PM
OK, thanks Neha and Naveen. You both confirmed my conclusion.
Thanks for your help!
Chris