PI with Seeburger – A tip for Security Administrators


SAP PI Interview Questions and SAP PI Tutorials

SAP PI Interview Questions and SAP PI Tutorials

PI with Seeburger – A tip for Security Administrators

SAP PI Interview Questions and SAP PI Tutorials

SAP PI Interview Questions and SAP PI Tutorials

Recently I was performing an upgrade for Seeburger set of adapters on SAP PI 7.0 from version 1.7 to 1.8.1 (The latest version recommened for PI 7.0). During this upgrade, we faced some issues which made me realize that a basic flaw during installation of the Seeburger suite on PI could lead to a Security breach and could provide an opportunity for Mischief (a mild word) lovers or Swindlers (a harsh word) 🙂  

You might have recognized this earlier, but the couple of PI systems I observed, the Security team missed it. This promoted me to share this small but “could be relevant” issue.

The Weak Point 

One of the steps of Seeburger Installation is to create a user “seeburger” and assign the role “SAP_J2EE_ADMIN” to this user. Then it is advised to set the password of this user to “xxxxxxx” (I am not mentioning the password here as it could provoke some users to exploit it. This password is available with the installation manual). Wherever I happened to chek PI systems using Seeburger adapters, I knew there is a user “seeburger” with password “xxxxxxx” with quite good access to PI system information and configuration. I tried logging in and succeeded as this is a Dialog user. In most of the cases, a Basis consultant performing the installation doesn’t really dare to manipulate any such passwords to avoid security breach. This would mean that any developer who is part of Seeburger installations anywhere across the globe is able to access PI systems of their client with role SAP_J2EE_ADMIN. Access to this role, I believe, is not a recommended practice especially for large PI installation involving large number of PI developers.

What to do? 

The simple solution is to change the password as per your conventions and the Security Administrator could maintain such passwords separately.  The location where this password is used is

Visual Admin -> Server -> Services -> Connector Container -> Connectors -> Connector 1.0 -> seeburger.com/com.seeburger.xi.<Module> -> Managed Connection Factory -> Properties

Change the password of key “adapterUserPassword” to the new password and Save.

I hope the Security Administrators read it before the developers! 😉

SAP PI Interview Questions and SAP PI Tutorials

SAP PI Interview Questions and SAP PI Tutorials

Share this:
Share this page via Email Share this page via Stumble Upon Share this page via Digg this Share this page via Facebook Share this page via Twitter
www.pdf24.org    Send article as PDF   
This entry was posted in sap pi 7.1 ehp 1 tutorials. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *