In this blog we will discuss about how to manage , maintain (edit) , display gateway security features for a standalone gateway server.Although we will discuss about standalone gateway , but the same feature will be applicable for JAVA application server as well.
The 2 main files related to gateway security are reginfo and secinfo. For an ABAP system we can use transaction SMGW and make the necessary changes like editing , maintaining , reloading the security features. This is not the case in standalone gateway server as we dont have access to transaction SMGW .In case of standalone gateway ( JAVA application server as well ) we have a savior tool. Its gwmon. To find out more on gwmon tool please refer to this link here.
There is also another link which explains about using gwmon outside of SAP system , please see link here.
TIP: to install a standalone gateway you can check this guide , here.
Accessing the gateway monitor tool ( GWMON )
To execute the gwmon please run the command :
gwmon pf=<path_to_standalone GW_profile>
You generally exit the gateway monitor with q, and use m to go to the (next higher) menu.
If you enter option m (menu) and press Enter, it will display “Main menu”, where different options can be selected.
For us the main concern is with ‘security ‘ options. i.e option ‘9’ in the menu section.
The option ‘9’ should be used in order to handle Gateway security files, reginfo and secinfo, that are used to allow/deny programs to register or be executed on this Gateway.
When we execute 9 then the screen would look like
Manage the security files
In order to edit the files ( reginfo and secinfo ) we would need to access the DIR_DATA or DIR_GLOBAL depending on how you have set the reginfo and secinfo parameter.
I would like to point out a important fact about setting the parameters reginfo and secinfo which we face often and it ends up in errors. Thankfully we have a SAP note which describes what should be the correct format and the directory for setting the reginfo and secinfo files. Please refer to the SAP note # 2538876 – “Name of the path is not correct” popup while accessing the ACL files via SMGW
To edit entries ( delete , add ) in reginfo /secinfo file please edit the respective file from OS level ( as there is no access of GUI for standalone or java ) then make the entries manually and save the file.
Now important point is to tell the gateway that we have made the changes in the reginfo/secinfo files and to implement those changes and let them take into affect we need to reload the security files. For this please choose option number ‘4’ so that the security files are reloaded.
In this way we can maintain,manage the security files in standalone gateway server and JAVA application servers as well.
Let me know in case any queries.