SAP Parameter gw/reg_info - External security filename for gateway


Short text
External security filename for gateway

Parameter description
This parameter can be used to protect external programs against beingregistered. Unauthorized registration of programs can be prevented bymaintaining the file reginfo in the data directory of the gatewayinstance.
If the file exists, the system searches for valid registration entriesin this list. If not, the system searches as previously in thegw/sec_info file.
Using the reginfo file makes it possible to define the entries betterthan before.
The syntax of the entries in this file is as follows
TP=<(><<)>tp> [HOST=<(><<)>hostname>] [NO=<(><<)>n>] [ACCESS=<(>
<<)>hostname,...>] [CANCEL=<(><<)>hostname,...>]
Certain programs can be allowed to register from an external host byspecifying the relevant information.
Valid TP name:
No restriction : *
TP name : foo
Start of name : foo*
Valid host name:
No restriction : *
Host name: sapprod for example
IP address:
Domain : *
Subnet address : 192.1.1.*
Examples of valid entries
TP=* All registrations allow HOST=* TP=foo* All registrations that startwith foo,
but not f or fo
HOST=* TP=* from domain *, are all
Registrations allowed
If the TP name is specified without wildcards, the number ofregistrations allowed can be specified too.
HOST=* TP=foo NO=1 , meaning that only one program can be registeredwith the
name foo. All other attempts to register a program with this name arerejected.
To control access from the client side too, you can define an accesslist for each entry. This is a list of host names that must comply withthe rules above. *' is not allowed however. If no access list isspecified, the program can be used from any client. The local gatewaywhere the program is registered always has access.
What is important here is that the check is made on the basis of hostsand not at user level.
for example HOST=* TP=foo ACCESS=*
Program foo can only be used by hosts from domain * Accessattempts coming from a different domain will be rejected.
The CANCEL list can be used to define whether other clients can teminatethe registered program. The same rules apply for this list as for HOSTor ACCESS,
for example HOST=* TP=foo ACCESS=* CANCEL=*
Program foo can only be terminated by clients that have logged on fromdomain

Work area

Parameter unit

Default value
<(><<)>Data directory>/reginfo

Who is allowed

Limitation for os

Limitation for db

Other parameter

File name