rfc/callback_security_method

Posted by — May 17, 2016 in SAP PARAMETER Leave a reply

Parameter

rfc/callback_security_method

Short text

Permit or deny execution of RFC callbacks in accordance with configured whitelist and write corresponding entry in Security Audit Log.

Parameter Description

Value 0: Emergency mode (fallback).

• If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected. Otherwise, the callback is executed.

• All whitelist entries for RFC callbacks (including the active entires) are ignored.

Value 1: Default mode (compatibility mode).

• If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected.

• If the callback is forbidden by an active whitelist, it is rejected.

• In all other cases, the callback is permitted.

• Every permitted callback is logged in the Security Audit Log with a “non-critical” (green) entry. Every rejected callback is logged with a “critical” (red) entry.

Value 2: Simulation Mode.

• If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected.

• If the callback is forbidden by an active whitelist, it is rejected.

• In all other cases, the callback is permitted.

• Every rejected callback is logged with a “critical” (red) entry in the Security Audit Log. Every permitted callback, which would have been rejected if the whitelist had been activated, is also logged with a “critical” (red) entry in the Security Audit Log. All other permitted callbacks are logged with a “non-critical” (green) entry.

Value 3: Most Secure Mode:

• If callbacks have been forbidden by a previous call of the function module RFC_CALLBACK_REJECTED, the callback is rejected.

• If the callback is forbidden by an active or inactive whitelist, it is rejected. (Note that, in this mode, an inactive whitelist has the same effect as an active whitelist.)

• In all other cases, the callback is permitted.

• Every rejected callback is logged with a “critical” (red) entry in the Security Audit Log. Every permitted callback is logged with a “non-critical” (green) entry.

Application Area

None.

Parameter Unit

None.

Default Value

0

Who is permitted to make changes?

Everyone.

Operating System Restrictions

None.

Database System Restrictions

None.

Are other parameters affected or dependent?

None.

Values allowed

0, 1, 2, 3.

You May Also Like

jstartup/shutdown_timeout : Timeout for the jstart controller process to wait for shutdown of child processes

jstartup/security_level : Security level for jcontrol

jstartup/sdm_properties : Path to SDM properties file

jstartup/recorder : Flight recorder configuration

Leave a Reply?