Skip to Content

reginfo "ACCESS" parameter, difference to secinfo?

Hi experts,

I try to setup reginfo and secinfo in our system.

What I don't understand is, what means the "access" parameter in reginfo?

It is written, that it defines which client is allowed to communicate with the registered programm.

But isn't it exactly what I define normally in secinfo?

Kind regards

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

4 Answers

  • Best Answer
    Jul 31, 2015 at 08:14 AM

    Hi Christian,

    Have you checked the example in below link

    Gateway Security Files secinfo and reginfo - Security Settings in the Gateway - SAP Library

    The secinfo security file is used to prevent unauthorized launching of external programs.

    File reginfo controls the registration of external programs in the gateway.

    ACCESS List

    To control access from the client side too, you can define an access list for each entry. This is a list of host names that must comply with the rules above. If no access list is specified, the program can be used from any client. The local gateway where the program is registered always has access.

    What is important here is that the check is made on the basis of hosts and not at user level.

    Example

    TP=foo ACCESS=*.sap.com

    Program foo is only allowed to be used by hosts from domain *.sap.com. Access attempts coming from a different domain will be rejected. Of course the local application server is allowed access.

    To permit registered servers to be used by local application servers only, the file must contain the following entry.

    TP=* ACCESS=local [CANCEL=local]

    CANCEL List

    To control the cancellation of registered programs, a cancel list can be defined for each entry (same as for the ACCESS list). If no cancel list is specified, any client can cancel the program. The local gateway where the program is registered can always cancel the program.

    Best Regards,

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 06, 2015 at 12:39 PM

    I have another question regarding this.

    I thought, i just have to maintani this file on the instance, where the gateway is running.

    Isn't that correct?

    Because we have now some impact on other instances, that the ca not use RFCs which are using the GW from another instance.

    So I have instance A and B, on A ist the GW which I am using for the RFC.

    I've maintanied reginfo on A. If I call on A it works if I do the RFC (via sm59) on B I get an internal errror.

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 31, 2015 at 09:05 AM

    Hi,

    Regarding this issue/question, you can refer to SAP Notes below to check/verify the differences and the purpose of these files

    614971 - "GW: Changes to the ACL list of the gateway (secinfo)"

    1069911 - "GW: Changes to the ACL list of the gateway (reginfo)"

    1408081 - "Basic settings for reg_info and sec_info"

    Regards,

    Bíborka

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 31, 2015 at 04:46 PM

    Hello,

    The secinfo file has rules that control which users can start operating system programs on demand.

    The reginfo has rules that control which remote systems can register programs at SAP.

    You can read the following WIKI page for a complete description and examples:

    Gateway Access Control Lists - Application Server Infrastructure - SCN Wiki

    In addition, the following SAP KBAs have videos showing how these files work.

    Regards,

    Isaías

    Add comment
    10|10000 characters needed characters exceeded