Solution : https://service.sap.com/sap/support/notes/1391655 (SAP Service marketplace login required)
Summary :
The SAP Note addresses an issue with missing authorization checks in SAPFTP, pointing out that no verification is executed when the external program begins. It is essential for system security that authorized access to this program is ensured. The note specifies implementation of an access control list at the SAP gateway to manage this, outlining different scenarios based on destination settings. Security configurations require maintenance in a "secinfo" file. Steps include maintaining appropriate entries based on scenario needs, setting profile parameters, activating the "secinfo" configuration, and maintaining logs as necessary to uphold security protocols.
Key words :
/saphelp_nw04/helpdata/en/5a/c03a069d3811d188a70000e83539c3/content, goto->expert functions->external security->read, /saphelp_nwpi71/helpdata/en/48/b2096b7895307be10000000a42189b/frameset, /usr/sap/<sid>/data/secinfo, sap gateway access control lists, goto->expert functions->logging, include authorization checks based, access control list, authorization check reason, front end machine
Related Notes :
| 1305851 | Overview note: reg_info and sec_info |
| 1298433 | Bypassing security in reginfo & secinfo |
| 93042 | Problems with SAPFTP |