SAP Note 1487606 - IDoc inbound processing via HTTP/SOAP

Component : Integration Technology ALE - Internet Communication Framework

Solution : https://service.sap.com/sap/support/notes/1487606 (SAP Service marketplace login required)

Summary :
Unnecessary IDoc processing via HTTP or SOAP can occur when ICF services are activated improperly and IDoc authorizations are not restrictive enough. The issue arises when either the "/sap/bc/IDoc_XML" or the "/sap/bc/srt/IDoc" service is enabled in SICF while users hold broad authorizations. This poses a risk specifically in internet or intranet scenarios. To mitigate it, evaluate whether these services are needed in your environment. If they are not, deactivate them in SICF. Monitor their usage via the ICMan server logs in transaction "SMICM". Ensure that user authorizations in the software solutions using these services are appropriately constrained. Additionally, restrict inbound IDocs using the authorization object B_ALE_RECV and its associated settings.
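
To support the usage-monitoring step in the summary, the following added example (not part of the SAP note) counts requests to the two ICF services in an HTTP access log, grouped by client, user and outcome. It assumes the log is written in Common Log Format; the sample lines, addresses and user names are constructed.

```python
import re
from collections import Counter

# ICF service paths named in the note, lower-cased; request paths are
# compared case-insensitively here because the page writes them in mixed case.
IDOC_SERVICES = ("/sap/bc/idoc_xml", "/sap/bc/srt/idoc")

# Assumption: the HTTP access log uses Common Log Format (CLF).
CLF = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def idoc_service(target):
    """Return the IDoc ICF service a request target belongs to, else None."""
    path = target.split("?", 1)[0].rstrip("/").lower()
    for svc in IDOC_SERVICES:
        # Match the service node or anything below it, not look-alike names.
        if path == svc or path.startswith(svc + "/"):
            return svc
    return None

def summarize(lines):
    """Count hits per (service, client, user, accepted) over log lines."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        svc = idoc_service(m["target"])
        if svc:
            accepted = m["status"].startswith("2")  # 2xx = request processed
            hits[(svc, m["client"], m["user"], accepted)] += 1
    return hits

# Constructed sample lines, not real log data.
SAMPLE = [
    '10.0.0.5 - ALEREMOTE [12/Mar/2024:10:15:01 +0100] "POST /sap/bc/idoc_xml?sap-client=100 HTTP/1.1" 200 512',
    '10.0.0.5 - ALEREMOTE [12/Mar/2024:10:15:09 +0100] "POST /sap/bc/IDoc_XML?sap-client=100 HTTP/1.1" 200 498',
    '192.0.2.44 - - [12/Mar/2024:10:16:40 +0100] "POST /sap/bc/srt/IDoc HTTP/1.1" 401 0',
    '10.0.0.9 - JDOE [12/Mar/2024:10:17:02 +0100] "GET /sap/bc/gui/sap/its/webgui HTTP/1.1" 200 8841',
    '10.0.0.9 - JDOE [12/Mar/2024:10:17:30 +0100] "GET /sap/bc/idoc_xml_test HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for (svc, client, user, ok), n in sorted(summarize(SAMPLE).items()):
        print(f"{svc:20} {client:15} {user:10} accepted={ok} count={n}")
```

No hits over a representative period supports deactivating the services in SICF; accepted hits show which callers and users need their authorizations reviewed.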

Key words :
/saphelp_webas620/helpdata/de/73/b5f99d019f11d5991400508b6b8b11/content, /saphelp_webas620/helpdata/en/73/b5f99d019f11d5991400508b6b8b11/content, additional application-specific authorization checks, application function modules assigned, simple object access protocol, internal user performs processing, symptom idoc inbound processing, http idoc inbound processing, idoc data takes place, /sap/bc/srt/idoc

Related Notes :

1504652
1487928 - Authorization check in HTTP IDoc inbound processing
1394100 - Security note: Access to RFC-enabled modules via SOAP
1394093 - Collective Security Note
626073 - Unreleased Internet Communication Framework services
93254 - RFC short dump RFC_NO_AUTHORITY
40689