Securing HCI Using OAUTH at Service Level

We are using SAP HCI as our integration platform and have set up OAuth in the SAP HANA Cloud Platform Cockpit to enable external consumers to call our services. My question is: can we restrict a consumer to be able to use specific services?

I.e., currently a consumer with a valid access token potentially has access to any service on the HCI tenant; all HCI services will be sub-elements of the endpoint:

https://e9999-iflmap.hcisbt.eu1.hana.ondemand.com/cxf

We wish to restrict Consumer A to a service that has for example endpoint

https://9999-iflmap.hcisbt.eu1.hana.ondemand.com/cxf/Dosearch/

If we don't tell Consumer A what the other available endpoints are, then we can assume that they won't attempt to call them, but is this a risk from a malicious attempt to guess service endpoints?

Register Client

Created the OAuth Access Token (authorized by S-User)


HCI Overview

S-User Assigned to ESBMessaging.send Role


0 Answers