You can use Access Control Lists (ACL) to grant users and user groups access rights for the resources in the DTR. However, if you want to store highly sensitive data in the DTR, we recommend that you set up a dedicated DTR server. Restrict access to this server directly at the SAP Web AS (Java) level.
One of the basic design concepts of the NWDI is to provide a development infrastructure that can handle any type of development. Consequently, the CBS can be enhanced with instructions to build any type of development object. This could allow unauthorized persons to infiltrate the CBS server with malicious instructions and execute them.
To minimize potential risks, we recommend that you install the CBS server in a protected network environment. Restrict the communication routes of the CBS server as appropriate for NWDI operations.
For information on data security in CMS, see File Access Rights for the NWDI Transport Directory.