Additional Gateway Security
For security purposes, your web application will usually be designed to apply extra restrictions on incoming gateway requests. In Infor e-Business Suite applications, gateway access is typically controlled through the user-segmentation mechanism, in two steps:
- Request segmentation – For each request (business object method) that is exposed to the Gateway based on its design-time settings (see Enabling methods for the XML Gateway), the presentation administrator must establish the set of user segments that can execute that request. This is done using the run-time administration interface for the application (for example, the Infor e-Commerce Business Center).
- User feature elements – The segmentation criteria used to control Gateway access are typically based on feature elements, which means that the feature elements associated with each user’s role will control whether or not a given user is a member of the segment that is able to execute a given method. Several feature elements may be established to give better control over the types of XML functions that will be available to each type of user.
The Infor e-Commerce Development Studio does not include any special features for creating or managing segmentation. This feature is custom programmed into e-Business Suite applications by Infor developers. See your e-Business application documentation for complete details about segmentation.
The Gateway is able to function without any segmentation-based control; segmentation simply offers an extra level of security typically added by e-Business Suite applications. You could instead develop or customize an application that would not apply segmentation checks to the Gateway.
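The two-step check described above can be modelled as follows. This is an added example, not Infor code: the role, feature element, segment and method names are constructed, and denying a request when no segment is assigned is an assumption of this model rather than documented Gateway behaviour.

```python
# Illustrative model only: names and values below are constructed, not Infor APIs.

# Feature elements attached to each user role (step 2 input).
ROLE_FEATURES = {
    "buyer": {"XML_ORDER_READ"},
    "purchasing_manager": {"XML_ORDER_READ", "XML_ORDER_SUBMIT"},
    "guest": set(),
}

# Segmentation criteria: feature elements a user must hold to be in a segment.
SEGMENT_CRITERIA = {
    "order_viewers": {"XML_ORDER_READ"},
    "order_submitters": {"XML_ORDER_READ", "XML_ORDER_SUBMIT"},
}

# Request segmentation (step 1): segments allowed to execute each exposed method.
REQUEST_SEGMENTS = {
    "Order.getStatus": {"order_viewers", "order_submitters"},
    "Order.submit": {"order_submitters"},
    "Catalog.export": set(),  # exposed to the Gateway, no segment assigned
}


def user_segments(role):
    """Segments whose criteria are fully met by the role's feature elements."""
    features = ROLE_FEATURES.get(role, set())
    return {s for s, needed in SEGMENT_CRITERIA.items() if needed <= features}


def authorize(role, method):
    """Return (allowed, reason). Denying on missing data is this model's choice."""
    allowed_segments = REQUEST_SEGMENTS.get(method)
    if allowed_segments is None:
        return False, "method has no request-segmentation entry"
    if not allowed_segments:
        return False, "no segment may execute this method"
    matched = user_segments(role) & allowed_segments
    if matched:
        return True, "member of " + ", ".join(sorted(matched))
    return False, "role is in none of the allowed segments"


def unsegmented_methods():
    """Exposed methods with no segment assigned: review these first."""
    return sorted(m for m, segs in REQUEST_SEGMENTS.items() if not segs)


if __name__ == "__main__":
    for role, method in [("buyer", "Order.getStatus"), ("buyer", "Order.submit"),
                         ("purchasing_manager", "Order.submit")]:
        print(role, method, authorize(role, method))
    print("unsegmented:", unsegmented_methods())
```

Because the Gateway can run without segmentation, a listing like `unsegmented_methods()` is the kind of review an administrator would run to find exposed methods that rely on no segment-based control at all.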