Description
In the secinfo file, you can define which external programs may be started or which external server programs may be registered on the gateway for up to and including Kernel Release 46D.
As of Release 6.40, the registration of external server programs is to be controlled using a separate file (reginfo). See Note 1069911 for more information.
The file name is defined by the parameter gw/reg_info. The default value for the path of the file is:
/usr/sap/<SID>/<INSTANCE>/data/secinfo
If the file does not exist, the system starts all external programs.
However, if the file exists but is empty, or contains no valid lines, no external program can be started.
If you want to start an external program, the system searches the file for a valid entry. If it cannot find a valid entry, it refuses to start the external program and issues the following error message:
ERROR user <usr> is not authorized to start TP <program name> on host <host>
RC 676 (GW_SECURITY_ERROR)
1. In this case, all programs must be listed separately with the relevant program ID (TP). If the program ID is generated dynamically (for example, for the BEx Analyzer), you can use wildcards (as of a certain patch level, see TP syntax below).
2. The host name (HOST) and the host name of the user (USER-HOST) must be specified separately. If there are many different hosts, this is very difficult.
3. In the exceptional case that an external program wants to start another external program and both communications run on the same host, you must enter "local" as the USER-HOST, otherwise a rejection occurs.
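The decision logic described above (file absent: everything allowed; file without valid lines: everything refused; otherwise a matching entry is required, with a wildcard TP and the "local" USER-HOST case), modelled as an added example for auditing a secinfo file offline. This is not SAP code; it assumes the classic one-line entry syntax USER=<user>, [USER-HOST=<host>,] HOST=<host>, TP=<program>, treats only a trailing "*" as a wildcard, and interprets "local" as the requesting user being on the same host as the program.

```python
# Added example: model of the gateway secinfo check, not SAP's implementation.
# Assumed line syntax: USER=<u>, [USER-HOST=<uh>,] HOST=<h>, TP=<tp>
# Assumed wildcard rule: only a trailing "*" is a wildcard; matching is case-sensitive.

def _match(pattern, value):
    """Exact match, or prefix match when the pattern ends in '*'."""
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value

def parse_secinfo(text):
    """Return the valid entries of a secinfo file; blank, comment and malformed lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = {}
        for part in line.split(","):
            key, sep, value = part.partition("=")
            if sep:
                fields[key.strip().upper()] = value.strip()
        if {"USER", "HOST", "TP"} <= fields.keys():   # USER-HOST is optional
            rules.append(fields)
    return rules

def may_start(content, user, user_host, host, tp):
    """Decide a start request. content is None when the file does not exist (all allowed).
    A file with no valid line refuses everything (RC 676 GW_SECURITY_ERROR)."""
    if content is None:
        return True
    for r in parse_secinfo(content):
        if not (_match(r["TP"], tp) and _match(r["USER"], user) and _match(r["HOST"], host)):
            continue
        wanted = r.get("USER-HOST", "*")
        if wanted == "local":            # assumption: user must be on the program's host
            if user_host != host:
                continue
        elif not _match(wanted, user_host):
            continue
        return True
    return False

# Constructed sample file: one exact entry, one wildcard entry for dynamic BEx program IDs,
# and one invalid line that the parser must ignore.
SAMPLE = """# constructed secinfo sample
USER=BATCH, HOST=apphost1, TP=/usr/sap/C11/SYS/exe/run/tp
USER=*, USER-HOST=local, HOST=apphost1, TP=BEX*
this line is not a valid entry
"""
```

Running `may_start(SAMPLE, "OTHER", "client7", "apphost1", "BEX12345")` returns False because the wildcard entry demands a local user host, while the same request from apphost1 is allowed.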
Available fix and supported packages
- SAP_BASIS | 46B | 46D
- SAP_BASIS | 620 | 640
- SAP KERNEL 4.6D_EX2 32-BIT | SP2381 | 002381
- SAP KERNEL 4.6D_EX2 64-BIT | SP2381 | 002381
- SAP KERNEL 4.6D_EXT 32-BIT | SP2381 | 002381
- SAP KERNEL 4.6D_EXT 64-BIT | SP2381 | 002381
- SAP KERNEL 6.40 32-BIT | SP224 | 000224
- SAP KERNEL 6.40 32-BIT UNICODE | SP224 | 000224
- SAP KERNEL 7.00 32-BIT | SP150 | 000150
- SAP KERNEL 7.00 32-BIT UNICODE | SP150 | 000150
- SAP KERNEL 7.00 64-BIT | SP150 | 000150
- SAP KERNEL 7.00 64-BIT UNICODE | SP150 | 000150
Affected component
- BC-CST-GW
Gateway/CPIC
CVSS
Score: 0
URL
https://launchpad.support.sap.com/#/notes/614971