SlideShare a Scribd company logo

SAP SRM Decoupled Bidding cFolders replication security issue analysis

K
Konstantin Khrushchev

SAP SRM Decoupled Bidding cFolders replication security issue analysis Not ideally security solution but better typical by SAP.

Software
1 of 12
Download to read offline
Konstantin Khrushchev SAP SRM Rapid Deployment Solution S27 Operational Sourcing – Decoupled Bidding cFolders replication security issue analysis January 2016
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 2 Decoupled Scenario typical cFolders landscape(1/2) SAP SRM Purchaser Side(Intranet) Supplier Side(DMZ) SAP SRM SUS SAP PLM cFolders SAP Content Server RFX RFX Response 2 A B C D E
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 3 Decoupled Scenario typical cFolders landscape(2/2) 3 Icon Connection type Authorization RFC connection RFC auth HTTP connection Public/private key auth RFC connection RFC auth SOA service A B C D E
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 4 cFolders replication security issue analysis 4 Typical replication process by SAP doesn`t mean cFolders replication Replicated RFX in Supplier system has direct link to Collaboration in Purchaser system This is unacceptable
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 5 Decoupled Scenario cFolders landscape security solution(1/2) SAP SRM Purchaser Side(Intranet) Supplier Side(DMZ) SAP SRM SUS SAP PLM cFolders SAP Content Server RFX, Collaboration Public Area structure SAP PLM cFolders RFX Response, Collaboration Supplier area data 5 A B C D E F
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 6 Decoupled Scenario cFolders landscape security solution(2/2) 6 Icon Description Authorization RFC connection RFC auth HTTP connection Public/private key auth SOA service A B C D E D
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 7 cFolders replication security solution details 7 Transfer to Supplier side Transfer to Purchaser side Step 1: Modify SOA service RFQRequestSRMReplicationRequest_Out for transfer cFolders collaboration public area Step 2: Modify class /SAPSRM/CL_REPLICATE_RFX for create/update cFolders collaboration public area
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 8 cFolders replication security solution details 8 Transfer to Supplier side Transfer to Purchaser side Step 1: Modify SOA service SupplierQuoteSRMRequest_Out for transfer cFolders collaboration supplier area data Step 2: Modify function module /SAPSRM/REPLICATE_RESP for create/update cFolders collaboration supplier area
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 9 cFolders replication security solution Nota bene! 9 Do not transfer files content! Link new files with existing content SAP content server Use TextCollection level in SOA instead modify. Just serialize structure of data, put to TextCollection with new ID. Use Enhancement Framework instead modify standard objects Keep in mind cFolders structure: Collaboration-Area-Topic-Folder-Doc- File Folder in Bidder area has link to topic
© © 2014 SAP SE or an SAP affiliate company. All rights reserved. / Page 10 10Confidential About author Konstantin Khrushchev is an independent SAP ABAP developer/SRM consultant who has been working with SAP software since 2007. In last time he has focused on SRM projects. He has been involved in 5 SAP SRM implementations. 10
Thank you
© © 2014 SAP SE or an SAP affiliate company. All rights reserved. / Page 12 12Confidential Copyright © 2016, Konstantin Khrushchev. Licensed under the Creative Commons Attribution 4.0 license, http://creativecommons.org/licenses/by/4.0/ 12

Recommended

El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...
El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...
El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...RaGaZoMe
 
Nerworking es xi
Nerworking es xiNerworking es xi
Nerworking es xiAlvaro del Pozo Hernández
 
Ten questions-c folders
Ten questions-c foldersTen questions-c folders
Ten questions-c foldersNayeem Rahman
 
Modelo de dick y carey
Modelo de dick y careyModelo de dick y carey
Modelo de dick y careyAndres Ayala
 
6AKerriAllen
6AKerriAllen6AKerriAllen
6AKerriAllenKerri Allen
 
Calendário futebol de salão 2014
Calendário futebol de salão 2014Calendário futebol de salão 2014
Calendário futebol de salão 2014grupouniaosport
 
Feedback
FeedbackFeedback
Feedbackamyflint5477
 
徐悦甡简历
徐悦甡简历徐悦甡简历
徐悦甡简历Yueshen Xu
 

Recommended

El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...
El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...
El nuevo servidor HP ProLiant DL360 Gen9 consigue récords mundiales en la pru...RaGaZoMe
 
Nerworking es xi
Nerworking es xiNerworking es xi
Nerworking es xiAlvaro del Pozo Hernández
 
Ten questions-c folders
Ten questions-c foldersTen questions-c folders
Ten questions-c foldersNayeem Rahman
 
Modelo de dick y carey
Modelo de dick y careyModelo de dick y carey
Modelo de dick y careyAndres Ayala
 
6AKerriAllen
6AKerriAllen6AKerriAllen
6AKerriAllenKerri Allen
 
Calendário futebol de salão 2014
Calendário futebol de salão 2014Calendário futebol de salão 2014
Calendário futebol de salão 2014grupouniaosport
 
Feedback
FeedbackFeedback
Feedbackamyflint5477
 
徐悦甡简历
徐悦甡简历徐悦甡简历
徐悦甡简历Yueshen Xu
 
SAP cFolders Training
SAP cFolders Training SAP cFolders Training
SAP cFolders Training KMR SOFTWARE SERVICES PVT LTD
 
Spiked Cocktail Menu Feb 2016
Spiked Cocktail Menu Feb 2016Spiked Cocktail Menu Feb 2016
Spiked Cocktail Menu Feb 2016Jeffrey Lambkin
 
The Complete Guide To SAP cFolders
The Complete Guide To SAP cFoldersThe Complete Guide To SAP cFolders
The Complete Guide To SAP cFoldersShobhit Singhal
 
Integrating SAP EasyDMS With cProjects
Integrating SAP EasyDMS With cProjectsIntegrating SAP EasyDMS With cProjects
Integrating SAP EasyDMS With cProjectsEric Stajda
 
I Olimpiadas Inter Institucionales
I Olimpiadas Inter InstitucionalesI Olimpiadas Inter Institucionales
I Olimpiadas Inter InstitucionalesFEDERACION DEPORTIVA DE MORONA SANTIAGO
 
SAP cProjects
SAP cProjectsSAP cProjects
SAP cProjectsPramod Patil, PMP
 
Introduction to OData and SAP NetWeaver Gateway.pptx
Introduction to OData and SAP NetWeaver Gateway.pptxIntroduction to OData and SAP NetWeaver Gateway.pptx
Introduction to OData and SAP NetWeaver Gateway.pptxRichard314186
 
Introduction to SAP Gateway and OData
Introduction to SAP Gateway and ODataIntroduction to SAP Gateway and OData
Introduction to SAP Gateway and ODataChris Whealy
 
SAP Document Management System Integration with Content Servers
SAP Document Management System Integration with Content Servers SAP Document Management System Integration with Content Servers
SAP Document Management System Integration with Content Servers Verbella CMG
 
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments VMworld
 
Fuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPFuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPKenneth Peeples
 
Gateway Deployment Options
Gateway Deployment OptionsGateway Deployment Options
Gateway Deployment OptionsGaurav Ahluwalia
 
SAPonAzureCaseStudyMay2020.pptx
SAPonAzureCaseStudyMay2020.pptxSAPonAzureCaseStudyMay2020.pptx
SAPonAzureCaseStudyMay2020.pptxShashidhar Badisha B
 
SAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP Technology
 
SAP HANA SPS09 - Multitenant Database Containers
SAP HANA SPS09 - Multitenant Database ContainersSAP HANA SPS09 - Multitenant Database Containers
SAP HANA SPS09 - Multitenant Database ContainersSAP Technology
 
2017 sitNL Cloud Foundry Masterclass
2017 sitNL Cloud Foundry Masterclass2017 sitNL Cloud Foundry Masterclass
2017 sitNL Cloud Foundry MasterclassTed Castelijns
 
It Sizing for Aras on Azure, Hybrid or On-site Deployments
It Sizing for Aras on Azure, Hybrid or On-site DeploymentsIt Sizing for Aras on Azure, Hybrid or On-site Deployments
It Sizing for Aras on Azure, Hybrid or On-site DeploymentsAras
 
Capture Accurate Solution Requirements with Exploratory Modeling at SAP
Capture Accurate Solution Requirements with Exploratory Modeling at SAPCapture Accurate Solution Requirements with Exploratory Modeling at SAP
Capture Accurate Solution Requirements with Exploratory Modeling at SAPESUG
 
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl... Array Networks
 
NetWeaver Gateway- Introduction to REST
NetWeaver Gateway- Introduction to RESTNetWeaver Gateway- Introduction to REST
NetWeaver Gateway- Introduction to RESTSAP PartnerEdge program for Application Development
 
SAP HANA SPS09 - HANA IM Services
SAP HANA SPS09 - HANA IM ServicesSAP HANA SPS09 - HANA IM Services
SAP HANA SPS09 - HANA IM ServicesSAP Technology
 
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdf
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdfWorking with SAP Business Warehouse Elements in SAP Datasphere_.pdf
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdfPanduM7
 

More Related Content

Viewers also liked

Spiked Cocktail Menu Feb 2016
Spiked Cocktail Menu Feb 2016Spiked Cocktail Menu Feb 2016
Spiked Cocktail Menu Feb 2016Jeffrey Lambkin
 
The Complete Guide To SAP cFolders
The Complete Guide To SAP cFoldersThe Complete Guide To SAP cFolders
The Complete Guide To SAP cFoldersShobhit Singhal
 
Integrating SAP EasyDMS With cProjects
Integrating SAP EasyDMS With cProjectsIntegrating SAP EasyDMS With cProjects
Integrating SAP EasyDMS With cProjectsEric Stajda
 

Viewers also liked (6)

SAP cFolders Training
SAP cFolders Training SAP cFolders Training
SAP cFolders Training
 
Spiked Cocktail Menu Feb 2016
Spiked Cocktail Menu Feb 2016Spiked Cocktail Menu Feb 2016
Spiked Cocktail Menu Feb 2016
 
The Complete Guide To SAP cFolders
The Complete Guide To SAP cFoldersThe Complete Guide To SAP cFolders
The Complete Guide To SAP cFolders
 
Integrating SAP EasyDMS With cProjects
Integrating SAP EasyDMS With cProjectsIntegrating SAP EasyDMS With cProjects
Integrating SAP EasyDMS With cProjects
 
I Olimpiadas Inter Institucionales
I Olimpiadas Inter InstitucionalesI Olimpiadas Inter Institucionales
I Olimpiadas Inter Institucionales
 
SAP cProjects
SAP cProjectsSAP cProjects
SAP cProjects
 

Similar to SAP SRM Decoupled Bidding cFolders replication security issue analysis

Introduction to OData and SAP NetWeaver Gateway.pptx
Introduction to OData and SAP NetWeaver Gateway.pptxIntroduction to OData and SAP NetWeaver Gateway.pptx
Introduction to OData and SAP NetWeaver Gateway.pptxRichard314186
 
Introduction to SAP Gateway and OData
Introduction to SAP Gateway and ODataIntroduction to SAP Gateway and OData
Introduction to SAP Gateway and ODataChris Whealy
 
SAP Document Management System Integration with Content Servers
SAP Document Management System Integration with Content Servers SAP Document Management System Integration with Content Servers
SAP Document Management System Integration with Content Servers Verbella CMG
 
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments VMworld
 
Fuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPFuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPKenneth Peeples
 
Gateway Deployment Options
Gateway Deployment OptionsGateway Deployment Options
Gateway Deployment OptionsGaurav Ahluwalia
 
SAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP Technology
 
SAP HANA SPS09 - Multitenant Database Containers
SAP HANA SPS09 - Multitenant Database ContainersSAP HANA SPS09 - Multitenant Database Containers
SAP HANA SPS09 - Multitenant Database ContainersSAP Technology
 
2017 sitNL Cloud Foundry Masterclass
2017 sitNL Cloud Foundry Masterclass2017 sitNL Cloud Foundry Masterclass
2017 sitNL Cloud Foundry MasterclassTed Castelijns
 
It Sizing for Aras on Azure, Hybrid or On-site Deployments
It Sizing for Aras on Azure, Hybrid or On-site DeploymentsIt Sizing for Aras on Azure, Hybrid or On-site Deployments
It Sizing for Aras on Azure, Hybrid or On-site DeploymentsAras
 
Capture Accurate Solution Requirements with Exploratory Modeling at SAP
Capture Accurate Solution Requirements with Exploratory Modeling at SAPCapture Accurate Solution Requirements with Exploratory Modeling at SAP
Capture Accurate Solution Requirements with Exploratory Modeling at SAPESUG
 
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl... Array Networks
 
SAP HANA SPS09 - HANA IM Services
SAP HANA SPS09 - HANA IM ServicesSAP HANA SPS09 - HANA IM Services
SAP HANA SPS09 - HANA IM ServicesSAP Technology
 
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdf
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdfWorking with SAP Business Warehouse Elements in SAP Datasphere_.pdf
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdfPanduM7
 
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster RecoverySAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster RecoverySAP Technology
 
2013 Perforce Collaboration Tour - MathWorks
2013 Perforce Collaboration Tour - MathWorks2013 Perforce Collaboration Tour - MathWorks
2013 Perforce Collaboration Tour - MathWorksPerforce
 

Similar to SAP SRM Decoupled Bidding cFolders replication security issue analysis (20)

Introduction to OData and SAP NetWeaver Gateway.pptx
Introduction to OData and SAP NetWeaver Gateway.pptxIntroduction to OData and SAP NetWeaver Gateway.pptx
Introduction to OData and SAP NetWeaver Gateway.pptx
 
Introduction to SAP Gateway and OData
Introduction to SAP Gateway and ODataIntroduction to SAP Gateway and OData
Introduction to SAP Gateway and OData
 
SAP Document Management System Integration with Content Servers
SAP Document Management System Integration with Content Servers SAP Document Management System Integration with Content Servers
SAP Document Management System Integration with Content Servers
 
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
VMworld 2013: Real-world Design Examples for Virtualized SAP Environments
 
Fuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPFuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMP
 
Gateway Deployment Options
Gateway Deployment OptionsGateway Deployment Options
Gateway Deployment Options
 
SAPonAzureCaseStudyMay2020.pptx
SAPonAzureCaseStudyMay2020.pptxSAPonAzureCaseStudyMay2020.pptx
SAPonAzureCaseStudyMay2020.pptx
 
SAP HANA Native Application Development
SAP HANA Native Application DevelopmentSAP HANA Native Application Development
SAP HANA Native Application Development
 
SAP HANA SPS09 - Multitenant Database Containers
SAP HANA SPS09 - Multitenant Database ContainersSAP HANA SPS09 - Multitenant Database Containers
SAP HANA SPS09 - Multitenant Database Containers
 
2017 sitNL Cloud Foundry Masterclass
2017 sitNL Cloud Foundry Masterclass2017 sitNL Cloud Foundry Masterclass
2017 sitNL Cloud Foundry Masterclass
 
It Sizing for Aras on Azure, Hybrid or On-site Deployments
It Sizing for Aras on Azure, Hybrid or On-site DeploymentsIt Sizing for Aras on Azure, Hybrid or On-site Deployments
It Sizing for Aras on Azure, Hybrid or On-site Deployments
 
Capture Accurate Solution Requirements with Exploratory Modeling at SAP
Capture Accurate Solution Requirements with Exploratory Modeling at SAPCapture Accurate Solution Requirements with Exploratory Modeling at SAP
Capture Accurate Solution Requirements with Exploratory Modeling at SAP
 
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl...
 
NetWeaver Gateway- Introduction to REST
NetWeaver Gateway- Introduction to RESTNetWeaver Gateway- Introduction to REST
NetWeaver Gateway- Introduction to REST
 
SAP HANA SPS09 - HANA IM Services
SAP HANA SPS09 - HANA IM ServicesSAP HANA SPS09 - HANA IM Services
SAP HANA SPS09 - HANA IM Services
 
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdf
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdfWorking with SAP Business Warehouse Elements in SAP Datasphere_.pdf
Working with SAP Business Warehouse Elements in SAP Datasphere_.pdf
 
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster RecoverySAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
SAP HANA SPS10- Scale-Out, High Availability and Disaster Recovery
 
2013 Perforce Collaboration Tour - MathWorks
2013 Perforce Collaboration Tour - MathWorks2013 Perforce Collaboration Tour - MathWorks
2013 Perforce Collaboration Tour - MathWorks
 
B1if_Overview.pptx
B1if_Overview.pptxB1if_Overview.pptx
B1if_Overview.pptx
 
SAP.ppt
SAP.pptSAP.ppt
SAP.ppt
 

Recently uploaded

The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationElement34
 
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...Abortion Clinic
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfWSO2
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIBusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIAGATSoftware
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)Roberto Bettazzoni
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckMarc Lester
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletAndrea Goulet
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaNeo4j
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Henry Schreiner
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdftimtebeek1
 
Rapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and InsightsRapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and Insightsrapidoform
 
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...Neo4j
 
Novo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMsNovo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMsNeo4j
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConNatan Silnitsky
 
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...Flutter Agency
 
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio, Inc.
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jNeo4j
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Conceptsthomashtkim
 
Spring into AI presented by Dan Vega 5/14
Spring into AI presented by Dan Vega 5/14Spring into AI presented by Dan Vega 5/14
Spring into AI presented by Dan Vega 5/14VMware Tanzu
 

Recently uploaded (20)

The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test Automation
 
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
Abortion Pill Prices Mthatha (@](+27832195400*)[ 🏥 Women's Abortion Clinic In...
 
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIBusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AI
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined Deck
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea Goulet
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdf
 
Rapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and InsightsRapidoform for Modern Form Building and Insights
Rapidoform for Modern Form Building and Insights
 
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
CERVED e Neo4j su una nuvola, migrazione ed evoluzione di un grafo mission cr...
 
Novo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMsNovo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMs
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeCon
 
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
 
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Concepts
 
Spring into AI presented by Dan Vega 5/14
Spring into AI presented by Dan Vega 5/14Spring into AI presented by Dan Vega 5/14
Spring into AI presented by Dan Vega 5/14
 

SAP SRM Decoupled Bidding cFolders replication security issue analysis

  • 1. Konstantin Khrushchev SAP SRM Rapid Deployment Solution S27 Operational Sourcing – Decoupled Bidding cFolders replication security issue analysis January 2016
  • 2. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 2 Decoupled Scenario typical cFolders landscape(1/2) SAP SRM Purchaser Side(Intranet) Supplier Side(DMZ) SAP SRM SUS SAP PLM cFolders SAP Content Server RFX RFX Response 2 A B C D E
  • 3. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 3 Decoupled Scenario typical cFolders landscape(2/2) 3 Icon Connection type Authorization RFC connection RFC auth HTTP connection Public/private key auth RFC connection RFC auth SOA service A B C D E
  • 4. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 4 cFolders replication security issue analysis 4 Typical replication process by SAP doesn`t mean cFolders replication Replicated RFX in Supplier system has direct link to Collaboration in Purchaser system This is unacceptable
  • 5. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 5 Decoupled Scenario cFolders landscape security solution(1/2) SAP SRM Purchaser Side(Intranet) Supplier Side(DMZ) SAP SRM SUS SAP PLM cFolders SAP Content Server RFX, Collaboration Public Area structure SAP PLM cFolders RFX Response, Collaboration Supplier area data 5 A B C D E F
  • 6. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 6 Decoupled Scenario cFolders landscape security solution(2/2) 6 Icon Description Authorization RFC connection RFC auth HTTP connection Public/private key auth SOA service A B C D E D
  • 7. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 7 cFolders replication security solution details 7 Transfer to Supplier side Transfer to Purchaser side Step 1: Modify SOA service RFQRequestSRMReplicationRequest_Out for transfer cFolders collaboration public area Step 2: Modify class /SAPSRM/CL_REPLICATE_RFX for create/update cFolders collaboration public area
  • 8. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 8 cFolders replication security solution details 8 Transfer to Supplier side Transfer to Purchaser side Step 1: Modify SOA service SupplierQuoteSRMRequest_Out for transfer cFolders collaboration supplier area data Step 2: Modify function module /SAPSRM/REPLICATE_RESP for create/update cFolders collaboration supplier area
  • 9. © 2014 SAP SE or an SAP affiliate company. All rights reserved. 9 cFolders replication security solution Nota bene! 9 Do not transfer files content! Link new files with existing content SAP content server Use TextCollection level in SOA instead modify. Just serialize structure of data, put to TextCollection with new ID. Use Enhancement Framework instead modify standard objects Keep in mind cFolders structure: Collaboration-Area-Topic-Folder-Doc- File Folder in Bidder area has link to topic
  • 10. © © 2014 SAP SE or an SAP affiliate company. All rights reserved. / Page 10 10Confidential About author Konstantin Khrushchev is an independent SAP ABAP developer/SRM consultant who has been working with SAP software since 2007. In last time he has focused on SRM projects. He has been involved in 5 SAP SRM implementations. 10
  • 12. © © 2014 SAP SE or an SAP affiliate company. All rights reserved. / Page 12 12Confidential Copyright © 2016, Konstantin Khrushchev. Licensed under the Creative Commons Attribution 4.0 license, http://creativecommons.org/licenses/by/4.0/ 12