In addition to allowing access to a particular host and port, you also must specify which URL paths (Resources) are allowed to be invoked on that host. The Cloud Connector uses very strict allowlists for its access control. Only those URLs for which you explicitly granted access are allowed. All other HTTP(S) requests are denied by the Cloud Connector.
To define the permitted URLs for a particular backend system, choose the line corresponding to that backend system and choose Add in the Resources Accessible On... section (as shown in the following figure, Add Resource). A dialog box appears that prompts you to enter the specific URL path that you want to allow to be invoked.
The Cloud Connector checks that the path part of the URL (up to but not including a possible question mark (?) that may denote the start of optional CGI-style query parameters) is exactly as specified in the configuration. If it is not, the request is denied. If you select option Path and all sub-paths, the Cloud Connector allows all requests for which the URL path (not considering any query parameters) starts with the specified string.
The Active checkbox lets you specify, if that resource is initially enabled or disabled. See the following section for more information on enabled and disabled resources.
Activate or Suspend Resources
In some cases, it is useful for testing purposes to temporarily disable certain resources without having to delete them from the configuration. This allows you to easily re-provide access to these resources at a later point of time without having to type in everything once again.
To suspend a resource, select it and choose the Suspend button: the status icon turns red, and from now on, the Cloud Connector will deny all requests coming in for this resource.
Add Resource (RFC)
In addition to allowing access to a particular host and port, you also must specify which function modules (Resources) are allowed to be invoked on that host. You can enter an optional description at this stage. The Cloud Connector uses very strict allowlists for its access control. Besides internally used infrastructure function modules, only function modules for which you explicitly granted access are allowed.
To define the permitted function modules for a particular backend system, choose the row corresponding to that backend system and choose Add in the Resources Accessible On... section (as shown in the following figure). A dialog box appears, prompting you to enter the specific function module name whose invoking you want to allow.
The Cloud Connector checks that the function module name of an incoming request is exactly as specified in the configuration. If it is not, the request is denied.
If you select the Prefix option, the Cloud Connector allows all incoming requests, for which the function module name begins with the specified string.
The Active checkbox allows you to specify whether that resource should be initially enabled or disabled.