Paramètre SAP rfc/callback_security_method - Reject RFC callbacks using whitelist

Parameter
rfc/callback_security_method

Short text
Permit or deny execution of RFC callbacks in accordance with configuredwhitelist and write corresponding entry in Security Audit Log.

Parameter description

  • Value 0: ,,Emergency mode (fallback).

  • If callbacks have been forbidden by a previous call of the functionmodule RFC_CALLBACK_REJECTED, the callback is rejected. Otherwise, thecallback is executed.
    All whitelist entries for RFC callbacks (including the active entires)are ignored.
    • Value 1:,,Default mode (compatibility mode).

    • If callbacks have been forbidden by a previous call of the functionmodule RFC_CALLBACK_REJECTED, the callback is rejected.
      If the callback is forbidden by an active whitelist, it is rejected.
      In all other cases, the callback is permitted.
      Every permitted callback is logged in the Security Audit Log with a"non-critical" (green) entry. Every rejected callback is logged with a"critical" (red) entry.
      • Value 2:,,Simulation Mode.

      • If callbacks have been forbidden by a previous call of the functionmodule RFC_CALLBACK_REJECTED, the callback is rejected.
        If the callback is forbidden by an active whitelist, it is rejected.
        In all other cases, the callback is permitted.
        Every rejected callback is logged with a "critical" (red) entry in theSecurity Audit Log. Every permitted callback, which would have beenrejected if the whitelist had been activated, is also logged with a"critical" (red) entry in the Security Audit Log. All other permittedcallbacks are logged with a "non-critical" (green) entry.
        • Value 3:,,Most Secure Mode:

        • If callbacks have been forbidden by a previous call of the functionmodule RFC_CALLBACK_REJECTED, the callback is rejected.
          If the callback is forbidden by an active or inactive whitelist, it isrejected. (Note that, in this mode, an inactive whitelist has the sameeffect as an active whitelist.)
          In all other cases, the callback is permitted.
          Every rejected callback is logged with a "critical" (red) entry in theSecurity Audit Log. Every permitted callback is logged with a"non-critical" (green) entry.

          Work area
          None.

          Parameter unit
          None.

          Who is allowed
          Everyone.

          Limitation for os
          None.

          Limitation for db
          None.

          Other parameter
          None.

          Valid_values
          0, 1, 2, 3.