We would like to allow only one certain TCP/IP address to call one of our Natural RPC Services, without limiting TCP/IP addresses to other existing services registered to the same Broker.
The document says I can set BKICON = Y to Authorize I/P connections. I would like to find out more about how the authentication works. Can I relate the TCP/IP address to a specific server? Is userid/pw required?
Thanks in advance,
Rabia
Rabia, this is my understanding of how it should work, although I haven’t tested it:
You would need to relate the security to a user (or group). Thus for TCP/IP, you would have the rules:
- allow user(rpcuser) resource(100.100.100.100) read
- deny user() resource(100.100.100.100)
- allow user() resource(*) read
(the specific syntax for the “allow” “deny” will depend on your SAF product)
User “rpcuser” would be given access authority (read) to the class/server/service, same as you would do without TCP/IP security. If “rpcuser” is the only user allowed to that class/server/service and only that user is allowed to use that tcp/ip address, you should be tightened down.
Let me know how it goes!
Douglas Kelly,
Principal Consultant
Software AG, Inc
Sacramento, California