Security / Network

Introduction ››
Parent Previous Next

SAP Systems


MDA Workbench accesses an SAP system via Remote Function Call (RFC).


Enabling this functionality has technical an security implications.  That fact that you have access to an SAP system via SAP GUI is not necessarily an indication that MDA Workbench will be able to access that system.


Security Requirements - RFC


Permission is required to execute remote function calls.  MDA Workbench makes use of the following standard function modules:



Access to the above function modules can be granted using authorization object S_RFC.   You may already have this access if you have a security role with some Basis or Developer authorizations.


In a production system it is unlikely that any user will be granted such authorization, but development environments should not be a problem.



Security Requirements - SAP Data Services


The optional (but desirable) use of /BODS/RFC_READ_TABLE for Transfer Data from SAP requires the following Data Services authorization objects:





Network Requirements


SAP GUI typically uses TCP port 32xx to access SAP Dialog port (dispatcher port), where xx is the Instance Number.  For Instance 00 the TCP port used is 3200.  If you have access to an SAP system via SAP GUI, then it's likely that firewall traffic is allowed for port 32xx.


MDA Workbench accesses an SAP system via Remote Function Call (RFC).


Each R/3 application server has an SAP gateway that it uses to communicate with other SAP Systems, or with other applications that use the SAP communication interfaces for RFC.


RFC (Remote Function Call) is SAP's own communications interface. RFC communication always involves a caller (RFC client) and a receiver (RFC server). The RFC server provides one or more function modules that can be called. An RFC client can call one of these function modules, transmit data, and then read the results of the function module. Both the server and the client can be either external programs or the SAP System.


RFC typically use TCP port 33xx to access the SAP Gateway port (dispatcher port), where xx is the Instance Number.  For Instance 00 the TCP port used is 3300.


If you're unable to access an SAP system when using MDA Workbench then ask if TCP Port 33xx is open.



Database Systems


When maintaining Database Connections, you can specify Windows Authentication or choose to supply a user name and password, as when using SQL Server authentication, for example.



Installation from Web Site


Using Internet Explorer, add MasterDataAficionado.com to your list of Trusted Sites to enable the installation of MDA Workbench.


Here are the steps:


  1. Point your Web browser to http://www.MasterDataAficionado.com/
  2. Click the Tools button, and then click Internet Options.
  3. 4.Click the Security tab, and then click the security zone Trusted Sites.
  4. 5.Click the Sites button.
  5. The website http://www.MasterDataAficionado.com should be shown in the Add this website to the zone field.
  6. If checked, then uncheck the Require server verification (https:) for all sites in this zone check box.
  7. Click Add to add the Web site to the list of Trusted Sites.
  8. 8.Click Close, and then click OK.



Program Updates and Trusted Publisher


MDA Workbench is published by ServiceSoftware, and the MDA Workbench application is digitally signed using a Code Signing Certificate.


After installation, MDA Workbench automatically checks for program updates each time it is started. If an update is available then the user is prompted to install the updated program files the next time the application starts.


So that MDA Workbench program updates work with minimum prompts from the user, MDA Workbench downloads a ServiceSoftware certificate and adds the ServiceSoftware certificate to the computer as a Trusted Publisher.


The certificate can be viewed in Internet Explorer by following these steps:


  1. Start Internet Explorer
  2. Click the Tools button, and then click Internet Options.
  3. Click the Content tab, and then click the Certificates button.
  4. Click the Trusted Publishers tab.
  5. Click the certificate issued to ServiceSoftware.
  6. Click the View button.