Part 1: General questions about the RFC Gateway and RFC Gateway security.
reginfo ACL
Please make sure you have read at least part 1 of this series to be familiar with
the basics of the RFC Gateway and the terms I use to describe things.
The reginfo ACL contains rules related to ‘Registered external RFC Servers’.
Please note: In most cases the registered program name differs from the actual
name of the executable program on OS level. The related program alias, also
known as ‘TP Name’, is used to register a program at the RFC Gateway.
◉ which RFC clients are allowed to talk to the ‘Registered Server Program’. This is
specified in ACCESS=.
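As an added example (not part of the original post), the following Python check parses reginfo rules and flags permit rules that leave open who may register a program (HOST=) or which RFC clients may talk to it (ACCESS=). The rule lines, program aliases and host names are constructed samples, and the handling of omitted keywords is an assumption noted in the code.

```python
import re

# Constructed sample reginfo file; program aliases and host names are made up.
SAMPLE_REGINFO = """\
#VERSION=2
P TP=EXT_TAX_CALC HOST=taxsrv01.example.com ACCESS=internal,local CANCEL=internal,local
P TP=LEGACY_* HOST=* ACCESS=*
P TP=* HOST=internal,local ACCESS=internal,local CANCEL=internal,local
D TP=* HOST=* ACCESS=*
"""

KEYS = ("TP", "HOST", "ACCESS", "CANCEL")

def parse_reginfo(text):
    """Return one dict per rule: action (P/D), line number, keyword value lists."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines, comments and the #VERSION header
        action, _, rest = line.partition(" ")
        if action.upper() not in ("P", "D"):
            raise ValueError(f"line {lineno}: rule must start with P or D")
        rule = {"action": action.upper(), "line": lineno}
        for key, value in re.findall(r"(\w+)=(\S+)", rest):
            if key.upper() in KEYS:
                rule[key.upper()] = value.split(",")
        if "TP" not in rule:
            raise ValueError(f"line {lineno}: missing TP=")
        rules.append(rule)
    return rules

def audit(rules):
    """Flag permit rules whose registering hosts or RFC clients are unrestricted."""
    findings = []
    for r in rules:
        if r["action"] != "P":
            continue  # deny rules cannot widen access
        # Assumption: an omitted HOST= or ACCESS= is treated like '*'.
        for key, meaning in (("HOST", "any host may register"),
                             ("ACCESS", "any RFC client may call")):
            if "*" in r.get(key, ["*"]):
                findings.append((r["line"], r["TP"][0], f"{key}=* : {meaning}"))
    return findings

if __name__ == "__main__":
    for line, tp, msg in audit(parse_reginfo(SAMPLE_REGINFO)):
        print(f"line {line} TP={tp}: {msg}")
```
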
If its functionality is accessible from the AS ABAP we can verify by looking for a
TCP/IP connection in transaction SM59 with Technical Settings – Activation Type
‘Registered Server Program’ the corresponding ‘Program ID’ and either no
‘Gateway Options’ set or any of the RFC Gateway belonging to the same system:
sapabapcentral.blogspot.com/2021/02/rfc-gateway-security-part-2-reginfo-acl.html 2/6
10/21/21, 1:21 PM SAP ABAP Central: RFC Gateway security, part 2 – reginfo ACL
We can identify these use-cases by going to transaction SMGW -> Goto ->
‘Logged on Clients’ and looking for programs listed with ‘System Type =
Registered Server’ and ‘Gateway Host’ set to any ip-address or hostname not
belonging to the same server. The related program alias can be found in column
‘TP Name’:
If its functionality is accessible from the AS ABAP we can verify by looking for a
TCP/IP connection in transaction SM59 with Technical Settings – Activation Type
‘Registered Server Program’ the corresponding ‘Program ID’ and either no
‘Gateway Options’ set or any of the RFC Gateway belonging to the same system:
Please note: If the SAP NW AS ABAP has more than one application server and
therefore also more than one RFC Gateway there may be scenarios in which the
‘Registered Server Program’ is registered at one specific RFC Gateway only. In
this case the ‘Gateway Options’ must point to exactly this RFC Gateway host. If
the ‘Gateway Options’ are not specified the AS will try to connect to the RFC
Gateway running on the same host.
For this scenario we would specify the following custom rule in the reginfo ACL,
e.g.,
We look for programs listed with ‘Type = REGISTER_TP’ and ‘ADDR’ set to any ip-
address or hostname not belonging to the same server. The related program alias
can be found in column ‘TP’:
When ‘Registered Server Programs’ are going to be consumed by any RFC clients
we can find the relevant information about the RFC clients in question in the
gateway log.
For this scenario we would specify the following custom rule in the reginfo ACL,
e.g.,