SAP Ariba - Security Details

You need to protect sensitive information and encrypt information in configuration files to protect it. Ariba buyer configuration files can contain sensitive information pke computer names, passwords, or personal information. All these values are in plain text format and for protection, the values should be encrypted.

You can use aribaencrypt command and supply a string as an argument. This will update config/parameter.table with encrypted value.

Example

Use aribaencrypt-key <key>. Here, key is the name of an existing parameter in Parameters.table. This will ask you to confirm action and post confirmation, the key is properly encrypted and stored in Parameters.table. No further steps are required.

Securing Ariba Administrator Tasks

You need to secure the data through Ariba Administrator using the following −

Access to integration events and scheduled tasks should be secured from Ariba Administrator by using ExecutePermissionPull integration event.

It is also possible to implement file level security by using “EditPermissionPull” integration event.

To ensure administrator tasks are secure, you need to change workspace and task permissions in the workspace configuration files.

You also need to secure different objects in Ariba configuration. This can be done by assigning read and edit permissions to object in ObjectPermission.csv file.

While using default configuration, ObjectPermission.csv file is in the below directory −

config/variants/Plain/partitions/None/data/ObjectPermission.csv

ObjectPermission.csv file contains the below fields −