DipakGhorpade

Hi,

We had a session on security hardening done in our ECC system by the SAP Basis team. As it was related to security hardening, we were not much worried from a vendor creation/update process perspective. The assumption was: how was security hardening going to impact the process? And we were unpleasantly surprised when we tested in the QA environment.

Initial Analysis

We noticed that vendor update programs were ending in error. There are certain programs to convert employee records to vendors. These were the first to fail.

The error was something like the one below.

“File ‘Filename’ is not in directory area ‘File path’.”

Why did the errors start?

As part of the security guidelines released by SAP in 2021, logical paths and file names are to be used to protect access to the file system. This feature was already present before the upgrade, but it was backward compatible and inactive by default. To activate it, we need to maintain the physical path using the transactions FILE (client-independent) and SF01 (client-specific). To add the aliases for the view V_FILEALIA, we can use transaction SM31.

So that security issues due to directory traversal are avoided, it is not possible to specify the target file system for the download directly in the syntax of the operating system. Instead you define one or more target directories as “logical files” and specify them in the configuration of the ABAP download service (see Maintaining Execution Parameters).

Which vendor master configuration was failing?

The vendor master update program RPRAPA00 uses the path “/interface/<SYS ID>/<A FILE NAME>” to update some vendor details in a named file, in a file path defined on the selection screen. This file path is set on the screen via variants.


Access to this path was no longer allowed directly, unless configured the way the system expects it.

Steps to maintain the config are as below.

  1. Definition of the logical path name

    A logical path name is a platform-independent file path. It is assigned to a logical file name.

  2. Definition of the logical file name

    A logical file name is a platform-independent name given to the file in the file system. At runtime, the logical file name is converted by the FILE_GET_NAME function module to a platform-specific path and file name. It is assigned a logical path. In programs, the logical file name is usually used to access the physical path.

  3. Assignment of the logical file name to the physical path

    The physical path is assigned to the logical path at the level of the system-dependent syntax group (OS). This is how a logical path is mapped to a physical path.


Thus, the vendor programs that were accessing the location “/interface/<SYS ID>/<FILE NAME>” to update vendor records in a named file in the file system were pointed to the correct file.
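The directory-area check behind the error message can be pictured with the following added example, which is a simplified Python model and not SAP code or the code of the programs named in this post. The logical names `Z_VENDOR_PATH` and `Z_VENDOR_FILE`, the system ID `QA1` and the file names are assumptions made up for the illustration.

```python
import posixpath

# Constructed configuration modelled on transaction FILE; the logical names,
# the system ID "QA1" and the file names are assumptions for illustration.
LOGICAL_PATHS = {
    # logical path -> {syntax group: physical path template}
    "Z_VENDOR_PATH": {"UNIX": "/interface/<SYSID>/<FILENAME>"},
}
LOGICAL_FILES = {
    # logical file -> (logical path, default physical file name)
    "Z_VENDOR_FILE": ("Z_VENDOR_PATH", "vendors.dat"),
}


def directory_area(logical_file, sysid, syntax_group="UNIX"):
    """Resolve a logical file name to the directory it is allowed to use."""
    logical_path, _default = LOGICAL_FILES[logical_file]
    template = LOGICAL_PATHS[logical_path][syntax_group]
    directory = template.replace("<SYSID>", sysid).replace("<FILENAME>", "")
    return posixpath.normpath(directory)


def validate_name(logical_file, physical_name, sysid):
    """Return the normalised path, or raise if it leaves the directory area."""
    area = directory_area(logical_file, sysid)
    candidate = posixpath.normpath(physical_name)  # collapses "../" segments
    # Compare whole path components so /interface/QA1_old does not pass
    # as a plain string-prefix match for /interface/QA1.
    if (not posixpath.isabs(candidate)
            or posixpath.commonpath([area, candidate]) != area):
        raise PermissionError(
            f"File '{physical_name}' is not in directory area '{area}'")
    return candidate


def check(physical_name):
    """Validate a selection-screen path against the hypothetical logical file."""
    try:
        return validate_name("Z_VENDOR_FILE", physical_name, sysid="QA1")
    except PermissionError as exc:
        return str(exc)
```

A path typed into a variant is accepted only when it normalises to a location inside the directory that the logical file name resolves to; anything else produces the same kind of message the vendor programs reported.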
