Security Information for Integration Packages
The integration framework security guide explains how to implement a security policy and provides
recommendations for meeting security demands for the integration framework.
For more information, choose Start --> All programs --> Integration solution for SAP Business One --> Integration
Framework, and then choose Help --> Documents --> Operations, section 6, Security Guide.
Security Aspects Related to the Dashboards Solution
Permission and authentication rules for dashboards:
- The system administrator can decide whether to grant each user full or no permission, for each dashboard, in the Authorizations form.
- By default, with a new company and for all dashboards, a non-super user has no permissions.
- At runtime, the user should be able to view the full dashboard even if this user does not have permissions for the underlying user-defined queries.
During SAP Business One startup, the SAP Business One user name and password are sent with basic authentication over HTTP or HTTPS to the integration framework. Basic authentication only Base64-encodes the credentials, so they are protected in transit only when HTTPS is used. The integration framework server uses the user name and password to authenticate the user and to return the session.
After that, SAP Business One pings the integration framework server from time to time to keep the session active.
The dashboard retrieves the data over this connection using HTTP POST functions.
Security Aspects Related to the RFQ Scenario with Online Quotation
You must give vendors included in the RFQ process access to the online purchasing document on the integration framework server.
Do this while restricting access to the server to a minimum. To restrict access to the server, configure the network (NAT) firewall as follows:
- Only allow external access to the particular hostname / IP address.
- Only allow external access to the configured server port.
  Default: port 8080 for HTTP, or port 8443 for HTTPS
- If applicable and available for the particular firewall, configure the restricting URL:
http://<hostname>:<portnumber>/B1iXcellerator/exec/ipo/vP.0010000100.in_HCSX/com.sap.b1i.vplatform.runtime/INB_HT_CALL_SYNC_XPT/INB_HT_CALL_SYNC_XPT.ipo/proc?
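The three restrictions above (host, port, restricting URL) can be expressed as one check, shown here as an added example that is not part of the SAP guide or the integration framework. The function name check_request, the hostname rfq.example.test and the sample URLs are constructed, and matching the path exactly rather than by prefix is an assumption about how strictly the filter should be applied.

```python
from urllib.parse import urlsplit

# Path of the restricting URL given in the guide (the part before "?").
RFQ_PATH = (
    "/B1iXcellerator/exec/ipo/vP.0010000100.in_HCSX/"
    "com.sap.b1i.vplatform.runtime/INB_HT_CALL_SYNC_XPT/"
    "INB_HT_CALL_SYNC_XPT.ipo/proc"
)
# Default server ports named in the guide.
DEFAULT_PORTS = {"http": 8080, "https": 8443}


def check_request(url, public_host, ports=DEFAULT_PORTS):
    """Return (allowed, reason) for a URL received from outside.

    Hypothetical helper: allows only the published host, the configured
    port for the scheme, and exactly the RFQ entry-point path.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ports:
        return False, "scheme not allowed"
    if parts.hostname != public_host.lower():
        return False, "host not published"
    if port != ports[parts.scheme]:
        return False, "port not published"
    # Exact match on the raw path: dot segments, percent-encoded variants,
    # ";" path parameters and extra trailing segments are all refused.
    if parts.path != RFQ_PATH:
        return False, "path not published"
    return True, "ok"


if __name__ == "__main__":
    host = "rfq.example.test"  # constructed hostname
    base = f"http://{host}:8080"
    samples = [  # constructed request URLs
        f"{base}{RFQ_PATH}?x=1",
        f"https://{host}:8443{RFQ_PATH}?x=1",
        f"https://{host}:8080{RFQ_PATH}",
        f"{base}{RFQ_PATH}/../../other",
        f"{base}/B1iXcellerator/",
    ]
    for url in samples:
        print(check_request(url, host), url)
```

A filter that compares only the start of the URL would accept the fourth sample, which is why the path is compared in full before any decoding or normalisation.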
Security Aspects Related to the DATEV-HR Solution
This scenario requires maximum levels of data security and sensitivity, because it exports personal data. The
DATEV-HR scenario generates employee data for DATEV eG using SAP Business One data. The integration
framework writes the data to a specified directory in the file system. Make sure that only authorized persons have
access to the folder.
Ensure that only authorized persons have access to the integration framework administration user interfaces.
Alternatively, collect confirmations from all users who have access that they are aware that this data is sensitive,
and that they may not distribute any data to third parties or make data accessible to non-authorized persons.
Security Aspects Related to the Mobile Solution
After the mobile user enters the correct user name and password, the front-end application passes the mobile phone number and mobile device ID (MAC address), together with the user name and password, to the integration framework.
After receiving the information, the integration framework verifies the following:
- Whether the user is enabled as a mobile user
- Whether the necessary license is assigned to the user
- Whether it can find the telephone number and device ID pair in the SAP Business One user administration
- Whether the user name matches the telephone number and the device ID
- Whether the user has been blocked by the SAP Business One system
- Whether the provided password is correct
If all checks pass, the user is allowed to access the system.
The password is encrypted while it is transmitted to the integration framework, which decrypts the password after receiving it.
Using HTTPS
To make communication safer, you have the option to use HTTPS for the sessions in the integration framework.
On the server side you can configure the communication protocol (HTTP or HTTPS). On the client side, you have the option to switch to the HTTPS protocol. By default, the solution runs with HTTPS, and the integration framework allows incoming calls through HTTPS only.
License Control
All mobile users have to be licensed before being allowed to access the SAP Business One system through the mobile channel. License administration is integrated with the SAP Business One user and license.
The mobile user must also be assigned the B1i license. Authorization within the SAP Business One application depends on the user’s SAP Business One application license.