
Securing HCI Using OAUTH at Service Level

Feb 14, 2017 at 10:51 AM

Former Member

We are using SAP HCI as our integration platform and have set up OAuth in the SAP HANA Cloud Platform Cockpit to enable external consumers to call our services. My question is: can we restrict a consumer to be able to use specific services?

I.e., currently a consumer with a valid access token potentially has access to any service on the HCI tenant; all HCI services will be sub-elements of the endpoint:

https://e9999-iflmap.hcisbt.eu1.hana.ondemand.com/cxf

We wish to restrict Consumer A to a service that has, for example, the endpoint

https://9999-iflmap.hcisbt.eu1.hana.ondemand.com/cxf/Dosearch/

If we don't tell Consumer A what the other available endpoints are, then we can assume that they won't attempt to call them, but is this a risk from a malicious attempt to guess service endpoints?

Register Client

Created the OAuth Access Token (authorized by S-User)


HCI Overview

S-User Assigned to ESBMessaging.send Role


0 Answers
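
An added example, not part of the original question and not SAP HCI functionality: one way to enforce a per-consumer restriction instead of relying on consumers not knowing other endpoint names, assuming a reverse proxy or API gateway in front of the tenant has already validated the access token and extracted the OAuth client ID. The client ID `consumer-a` and the `ALLOWED_PREFIXES` table are hypothetical.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Hypothetical policy: OAuth client id -> service path prefixes it may call.
# "consumer-a" and this table are constructed for the example.
ALLOWED_PREFIXES = {
    "consumer-a": ["/cxf/Dosearch"],
}


def normalize_path(url_or_path: str) -> str:
    """Return the decoded path with dot segments and duplicate slashes removed."""
    path = urlsplit(url_or_path).path
    # Decode until stable so double encoding (%252e%252e) cannot hide "..".
    for _ in range(5):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still changing after repeated decoding")
    if "\x00" in path or "\\" in path:
        raise ValueError("suspicious characters in path")
    # Force a single leading slash; normpath would otherwise keep "//".
    return posixpath.normpath("/" + path.lstrip("/"))


def is_authorized(client_id: str, url_or_path: str) -> bool:
    """Allow the call only if the normalized path is an allowed prefix or below it."""
    try:
        path = normalize_path(url_or_path)
    except ValueError:
        return False
    # Unknown clients get an empty list, so the default is deny.
    for prefix in ALLOWED_PREFIXES.get(client_id, []):
        # Match on a segment boundary so /cxf/DosearchAdmin is not accepted.
        if path == prefix or path.startswith(prefix + "/"):
            return True
    return False
```

The gateway should forward the normalized path (or reject requests whose raw path differs from it) so that the backend does not interpret the URL differently from this check.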