Authorizations for Starting External Programs

You can prevent unauthorized access to external programs either by specifying the secinfo file in the data directory of the gateway instance or by setting the profile parameter gw/rem_start (see Parameterization of the SAP Gateway).

This file is not available in the standard system, which means that any user can start any program. An unauthorized user who can reach the SAP Gateway over the network can therefore execute all operating system commands on an SAP system.

If this file is available but does not contain any entries, no program at all can be started.

To control access to external programs, we strongly recommend configuring secinfo for the SAP system.

Maintain the secinfo file in the data directory of the gateway instance. The syntax of the entries is as follows:

USER=<user>, [PWD=<pwd>,] [USER-HOST=<user_host>,] HOST=<host>,TP=<tp>;

Use a line of this format to allow the user <user> to start the <tp> program on the host <host>.

The level of authorization checking performed can be increased by specifying PWD and/or USER-HOST.

USER=mueller,    HOST=hw1414,      TP=test;

The user mueller can execute the test program on the host hw1414.

USER=hugo, PWD=pass, USER-HOST=hw1234,  HOST=hw1414, TP=prog;

The user hugo can execute the prog program on the host hw1414, as long as he has logged on to the Gateway from host hw1234 and has used the CPI-C call CMSCSP to set the security password to pass.

If the user has used the CMSCSU call to set the security user, then this is also used for checking.

The '*' character (wild card) can be used as a generic specification for any of the parameters.

If either PWD or USER-HOST is not specified, the value '*' is assumed for it.

All users should be allowed to execute the test program on the host hw1414: USER=*,HOST=hw1414,TP=test;
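
The rules above as an added Python example (not SAP code and not part of the original page): it parses entries in the syntax shown, applies the '*' defaults, models the missing-file and empty-file cases, and lists entries that use '*' for USER, HOST or TP. It assumes that only the literal value '*' acts as a wildcard; the function names and the request dictionary are hypothetical.

```python
FIELDS = ("USER", "PWD", "USER-HOST", "HOST", "TP")

def parse_secinfo(text):
    """Parse entries: USER=..., [PWD=...,] [USER-HOST=...,] HOST=..., TP=...;"""
    entries = []
    for raw in text.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        entry = {"PWD": "*", "USER-HOST": "*"}  # omitted values default to '*'
        for part in raw.split(","):
            key, sep, value = part.partition("=")
            key, value = key.strip().upper(), value.strip()
            if not sep or key not in FIELDS:
                raise ValueError(f"unrecognised field in entry: {raw!r}")
            entry[key] = value
        missing = [f for f in ("USER", "HOST", "TP") if f not in entry]
        if missing:
            raise ValueError(f"entry {raw!r} lacks {missing}")
        entries.append(entry)
    return entries

def is_allowed(entries, request):
    """Simplified model of the check described on this page (an assumption,
    not the gateway's code). entries=None models a missing secinfo file
    (every program may start); an empty list models an existing but empty
    file (no program may start)."""
    if entries is None:
        return True
    return any(all(e[f] in ("*", request.get(f)) for f in FIELDS)
               for e in entries)

def wildcard_findings(entries):
    """Return (entry, wildcard_fields) for entries with '*' in USER, HOST or TP."""
    findings = []
    for e in entries:
        wild = [f for f in ("USER", "HOST", "TP") if e[f] == "*"]
        if wild:
            findings.append((e, wild))
    return findings

# Constructed sample built from the example entries on this page.
SAMPLE = """USER=mueller,    HOST=hw1414,      TP=test;
USER=hugo, PWD=pass, USER-HOST=hw1234,  HOST=hw1414, TP=prog;
USER=*,HOST=hw1414,TP=test;
"""

if __name__ == "__main__":
    for entry, wild in wildcard_findings(parse_secinfo(SAMPLE)):
        print("wildcard in", wild, "->", entry)
```

Running wildcard_findings over a secinfo file during a configuration review shows which entries grant access more broadly than a named user, host and program.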

You can display the current list of security entries using the SAP Gateway Monitor and you can update this display at any time (see Monitoring and Error Handling of the SAP Gateway).

Section Authorizations for Registering External Programs with the SAP Gateway describes how to register external programs with the SAP Gateway.