Skip to Content
avatar image
Former Member

SAP PI - fi operations - security concerns

Hello,

We are working on a project, where  we will pull data about our customer transactions from Bank, through PI to SAP IS-U. PI and IS-U are inside our LAN Network. Web service provided by Bank except operations which allow to pull history data like statements etc. have also operations like transfer, international transfer etc.

Connection beetwen bank and PI is secured (certificate will be loaded on PI), connection between PI and IS-U isn't but it is inside LAN. But our architect has security concerns and he recommended a separate PI for FI operation only where limited number of people have access.

Is there any way to achieve same goal without using second instance of PI, for example by using roles, etc...

I would be very grateful for your opinions.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Oct 28, 2015 at 08:44 AM

    Hi Marcin

    If the security concern is related to viewing of payloads, you can restrict the contents by using custom roles as mentioned in the blog below.

    Michal's PI tips: Authorizations for viewing payload of messages on Java stack - implementation

    Rgds

    Eng Swee

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 28, 2015 at 08:46 AM

    Hello Marcin,

    you can restrict access to particular objects like SWCV in PI.

    In your case it can be restricted to Banking SWCV and related objects

    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a005629b-c063-2910-0fb8-f57dc68abaca?quicklink=events…

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 28, 2015 at 09:46 AM

    Hi Marcin,

    I am sure the access needs to be restricted to the payload, so as Eng suggested deploy the "role" file and assign this new role only to qualified users.

    Also you may want to use Message level encryption for these particular interfaces.

    An additional security aspect which you can use if you are on 7.31+ is to use the "Sensitive Data" option on your interface.This stores the encrypted data in DB.

    BR,

    Harish

    Add comment
    10|10000 characters needed characters exceeded