Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

ABAP Proxy Generated Classes - Security Checks

timurc
Explorer
0 Kudos
251

Hello all,

I have a question about ABAP proxy consumer classes.

If you generate consumer classes from a SAP PI-ESR via SPROXY transaction, do you need to explicitly build in authentication checks before calling the ABAP proxy method?

So by means of "AUTHORITY-CHECK OBJECT <object>" and own Z-/Y--authorization objects?

Is there a recommendation or a rule? Unfortunately I did not find anything in the SNOTES.

Only the protection by SOAMANAGER. But this refers, as I understand it, only to the technical user.

Could you please send me SNOTES links or other sources?

Thank you very much.

1 REPLY 1

thkolz
Contributor
0 Kudos
189

From my point of view, the connection between SAP ERP and PI should be already considered as being secure.
Anyways it’s just using the technical user to connect to PI.

Of course you can perform an authority check on ERP side to make surr the user running the program etc. is allowed to call the proxy.
But this needs only to be done if you call the proxy in dialog mode.