Skip to Content
Author's profile photo Former Member

ACL – Confine users sending messages

An Access Control List (ACL) can be defined for several adapters on service level and on the level of sender agreements for checking the contents of a message against these allowed users upon receipt of a message via these adapters. Putting it in more simple words, we can restrict the incoming messages by jut allowing those coming from the users specified in the Access Control List.  The adapters supporting these are  – On Integration Server:   XI   HTTP   IDOC – On Adapter Engine   SOAP   RFC   RNIF 1.1 & 2.0   CIDX   Business Connector   Marketset adapters  There are several cases to consider: •     The messages received under a certain runtime user will be accetped by the IS or the Adapter Engine  o     If the user is contained in the the sender service´s ACL, but the ACL is empty in the sender agreement of the corresponding message interface of the received message. image  o     If the user is contained in the sender service´s ACL, and the same user is contained in the ACL of the sender agreement of the corresponding message interface of the received message. o     If the sender service´s ACL is empty, and the user is contained in the ACL of the sender agreement of the corresponding message interface of the received message. image o     If the sender service´s ACL is empty and the ACL is empty in the sender agreement of the corresponding message interface of the received message.  •     The message received under a certain runtime user will be rejected by the IS or the Adapter Engine (with a HTTP 403 (forbidden request ) error is sent back to the partner)  o     If the sender service`s ACL is not empty and does not contain the user. o     If the sender agreement`s ACL is not empty and does not contain the user.

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Sravya Talanki
      Sravya Talanki
      already  some thing of this sort is blogged
      XI : Controlling access to Sensitive Interfaces
      Author's profile photo Former Member
      Former Member
      good one rahul..